Return-Path: Delivered-To: apmail-jakarta-httpclient-user-archive@www.apache.org Received: (qmail 64773 invoked from network); 11 Oct 2007 09:34:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Oct 2007 09:34:21 -0000 Received: (qmail 94440 invoked by uid 500); 11 Oct 2007 09:34:08 -0000 Delivered-To: apmail-jakarta-httpclient-user-archive@jakarta.apache.org Received: (qmail 94426 invoked by uid 500); 11 Oct 2007 09:34:08 -0000 Mailing-List: contact httpclient-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: "HttpClient User Discussion" Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-user@jakarta.apache.org Received: (qmail 94415 invoked by uid 99); 11 Oct 2007 09:34:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Oct 2007 02:34:07 -0700 X-ASF-Spam-Status: No, hits=2.7 required=10.0 tests=SPF_NEUTRAL,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [213.46.255.22] (HELO viefep24-int.chello.at) (213.46.255.22) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Oct 2007 09:34:10 +0000 Received: from [192.168.0.63] (really [212.71.105.68]) by viefep24-int.chello.at (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP id <20071011093337.SYVY9794.viefep24-int.chello.at@[192.168.0.63]> for ; Thu, 11 Oct 2007 11:33:37 +0200 Subject: Re: problem with https and cookies based session From: Oleg Kalnichevski To: HttpClient User Discussion In-Reply-To: <13138543.post@talk.nabble.com> References: <13097295.post@talk.nabble.com> <1192026214.21647.16.camel@okhost> <13137646.post@talk.nabble.com> <1192028896.21647.39.camel@okhost> <13138543.post@talk.nabble.com> Content-Type: text/plain Date: Thu, 11 Oct 2007 11:33:32 +0200 Message-Id: <1192095212.5578.5.camel@okhost> Mime-Version: 1.0 X-Mailer: Evolution 2.10.1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On Wed, 2007-10-10 at 08:49 -0700, nzaghini wrote: > I am really sorry my code before was incomplete, and of course it didn't make > sense, unfortunately is not so easy.. (the get method was wrong too, i > apologize) > > >HttpClient client = new HttpClient(); > > client.getParams().setParameter(HttpMethodParams.USER_AGENT, > > " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) > > Gecko/20070914 Firefox/2.0.0.7"); > > > > Protocol easyhttps = new Protocol("https", new > > EasySSLProtocolSocketFactory(), 443); > > Protocol.registerProtocol("https", easyhttps); > > > > GetMethod method = new GetMethod("https://nicola:8443/ssp/"); > > > method.setDoAuthentication(true); // tryed with and without > > > > HttpState state = new HttpState(); > > int statusCode = client.executeMethod(client.getHostConfiguration(), method, > state); > String responseBody = method.getResponseBodyAsString(); > > > statusCode = client.executeMethod(client.getHostConfiguration(), method, > state); > responseBody = method.getResponseBodyAsString(); > > > statusCode = client.executeMethod(client.getHostConfiguration(), method, > state); > responseBody = method.getResponseBodyAsString(); > > > I think this code should be fine to let my session go ahead, but putting > break-point among invocations i can clearly see the content (session id) of > the state object change after every invocation, and this makes my counter > service on https://nicola:8443/ssp/ answer with the number 0 every > invocation. > > Of course the behavior change if i use http://nicola:8080/ssp/ as target > page, it means that the result is 0, 1, 2 and the state object shows a > session id never changing. > > Thanks for your help. > nicola > > Nicola Aha! The _session ID_ always changes, not the HttpState instance. Please post two wire/context logs (one for a plain connection and another one for https) http://jakarta.apache.org/httpcomponents/httpclient-3.x/logging.html Oleg > > > > olegk wrote: > > > > On Wed, 2007-10-10 at 07:57 -0700, nzaghini wrote: > >> >There is no difference between plain http or https as far as the cookie > >> >based state management is concerned. > >> > >> I am completely agree with you, but the result of my invocations seems to > >> be > >> different from the normal/logic/expected behavior.. > >> > >> >Why does it always change? > >> > >> This is the question, i can't figure out why it change all the time. > >> To let you better understand the situation i paste here my entire code, > >> because maybe the problem is so macroscopic that i can't see it being too > >> close.. > >> > >> I forgot to tell you that using the basic https support everithing works > >> fine, but i need to work even with self-signed servers, and this is the > >> solution suggested by HttpClient Jakarta site. > >> > >> HttpClient client = new HttpClient(); > >> client.getParams().setParameter(HttpMethodParams.USER_AGENT, > >> " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) > >> Gecko/20070914 Firefox/2.0.0.7"); > >> > >> Protocol easyhttps = new Protocol("https", new > >> EasySSLProtocolSocketFactory(), 443); > >> Protocol.registerProtocol("https", easyhttps); > >> > >> GetMethod method = new GetMethod("http://nicola:8080/ssp/"); > >> method.setDoAuthentication(true); // tryed with and without > >> > > ===================================== > >> HttpState state = new HttpState(); > >> > >> client.setState(state); > > ==================================== > > Nicola, > > > > You are creating a new instance of HttpState for _each_ request thus > > effectively discarding all cookies stored previously. No wonder sessions > > do not 'stick'. > > > > Oleg > > > > > >> // tryed with and without > >> int statusCode = client.executeMethod(client.getHostConfiguration(), > >> method, > >> null); //tryed with state instead of null > >> > >> Thanks! > >> nicola > >> > >> > >> olegk wrote: > >> > > >> > On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote: > >> >> Hi, > >> >> i have a problem with https and cookies based sessioning system. > >> > > >> > There is no difference between plain http or https as far as the cookie > >> > based state management is concerned. > >> > > >> >> I've just added the following line of code to my component exploiting > >> >> httpclient > >> >> > >> >> Protocol easyhttps = new Protocol("https", > >> >> EasySSLProtocolSocketFactory(), 443); > >> >> Protocol.registerProtocol("https", easyhttps); > >> >> > >> >> All the classes used here comes from the httpclient home site. > >> >> > >> >> What i need, and it works fine without ssl, is to make several request > >> >> with > >> >> the same HttpState obejct to let the session go ahead.. > >> >> > >> >> So, while i try to invoke the executeMethod several times like this: > >> >> > >> >> int statusCode = client.executeMethod(client.getHostConfiguration(), > >> >> method, > >> >> state); > >> >> int statusCode = client.executeMethod(client.getHostConfiguration(), > >> >> method, > >> >> state); > >> >> int statusCode = client.executeMethod(client.getHostConfiguration(), > >> >> method, > >> >> state); > >> >> > >> >> the state obect (instance of HttpState class) always chage, > >> > > >> > Why does it always change? > >> > > >> > Oleg > >> > > >> >> so i cannot go > >> >> ahead in the application session and all the time i'm in the same > >> >> situation. > >> >> > >> >> Thanks million for your help! > >> >> nicola > >> > > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org > >> > For additional commands, e-mail: > >> httpclient-user-help@jakarta.apache.org > >> > > >> > > >> > > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org > > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: httpclient-user-help@jakarta.apache.org