hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "micky" <micky_...@cyberpowersystems.com.tw>
Subject RE: HttpClient persist same cookie in HTTPS and HTTP connection?
Date Sat, 23 Aug 2008 16:21:20 GMT
Dear, 

I figure out it by myself.

First I need to explain the experiment in the previous mail more clearly in
the following description.

And I add two more experiments to figure out the problem.

Let us continue with the previous experiment:


Experiment 1
step 1: Connect with HTTPS(POST)
step 2: Continue connecting with HTTP(POST)
Result debug log: http://tinypaste.com/37698 

Experiment 2
step 1: Connect with HTTP(POST) 
step 2: Continue connecting with HTTP(POST) 
Result debug log: http://tinypaste.com/d8a7e

Experiment 3
step 1: Connect with HTTPS(GET) 
step 2: Continue connecting with HTTPS(POST) 
step 3: Continue connecting with HTTP(POST) 
Result debug log: http://tinypaste.com/7d928

Experiment 4
step 1: Connect with HTTP(GET) 
step 2: Continue connecting with HTTPS(POST) 
step 3: Continue connecting with HTTP(POST)
Result debug log: http://tinypaste.com/1ff2e


Result is
The "experiment 1" has the different session in step 2.
The "experiment 2" has the same session in both connections.
The "experiment 3" has the different session in step 3.
The "experiment 4" has the same session in all connections.


In conclusion, when I need to POST a HTTPS followed by POST a HTTP, I need
to GET a HTTP first to make sure the following connection to the website
will use the same session all the time.

Is my conclusion wrong? If I am right, does it mean the HttpClient won't
manage the session when I only POST a HTTPS then POST a HTTP?

Thanks for any suggestion or help in advance.

Sincerely,
Micky



-----Original Message-----
From: micky [mailto:micky_lee@cyberpowersystems.com.tw] 
Sent: Saturday, August 23, 2008 6:46 PM
To: 'HttpClient User Discussion'
Subject: HttpClient persist same cookie in HTTPS and HTTP connection?

Dear,

 

I have problem about HTTP connection with SSL (called HTTPS).

 

I use HttpClient 4.0 alpha 4.

 

I use HttpClient with HTTPS connection to my website first and then I use
HttpClient with HTTP connection to my website. The issue is that the first
connection's cookie (session id) is different from the second connection's
cookie. I am sure I use the same HttpClient object to connect to my website.
So I guess it occurred because HTTPS and HTTP are different connection.

 

I make an experiment on it. The test is on my localhost computer.

 

Experiment 1

step 1: Connect with HTTPS first

step 2: Reconnect with HTTP second

Result debug log: http://tinypaste.com/37698 

 

Experiment 2

step 1: Connect with HTTP first

step 2: Reconnect with HTTP second

Result debug log: http://tinypaste.com/d8a7e 

 

According to the result debug log, in the experiment 2, the HttpClient
object will use the same connection with the same cookie in first connection
to do the second connection, so that the session persists.

 

But in experiment 1, the first cookie is different from second cookie, so
that the session will not be persisted.

 

Because I need to login my website with HTTPS (for security reason) and then
browse it with HTTP (for performance reason), so I think HttpClient will
cover this cookie issue for me. But the experiment says it's not as what I
think.

 

 

This is partial code I wrote:

// some initial codes.

 

// Create and initialize scheme registry

SchemeRegistry schemeRegistry = new SchemeRegistry();

schemeRegistry.register( new Scheme("http",
PlainSocketFactory.getSocketFactory(), 3052));

schemeRegistry.register( new Scheme("https", sslSocketFactory, 8443));

        

// Create an HttpClient with the ThreadSafeClientConnManager.

// This connection manager must be used if more than one thread will

// be using the HttpClient.

clientConnManager = new ThreadSafeClientConnManager(params, schemeRegistry);

httpClient = new DefaultHttpClient(clientConnManager, params);

 

// some executed codes.

 

 

 

Is there any suggestion? Or I miss something wrong?

 

Please give me a hand to solve this problem.

 

Thank you in advance.

 

 

Sincerely,

Micky



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message