hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Can't keep session alive
Date Sat, 24 Jan 2009 12:48:13 GMT
On Fri, 2009-01-23 at 08:54 -0800, stoli wrote:
> I am in need of some guidance. Not sure what to try next.
> 
> The server I am connecting to (https) is dropping the session after I log
> in. After closer examination using the wire logging, it looks like the
> server is rejecting the secure session cookie sent back in the header. 
> 
> I have tried using CookiePolicy.RFC_2109 and
> CookiePolicy.BROWSER_COMPATIBILITY with the same results. Also, I have
> registered SSLProtocolSocketFactory to https as suggested by another post,
> but that had no effect either. Not sure if my observations are of any
> significance or just a red herring, but I can see that 2 secure session
> cookies get passed in the initial server response and then one on the
> subsequent connection. There is also a non-secure cookie in the mix.
> 
> Cookies:
> 
> JSESSIONID_EipPortal is a regular cookie (as reported by firefox)
> JSESSIONID_css_plt is the secure cookie (as reported by firefox)
> 
> 
> Log from the initial post (secure cookie not set yet):
> 
> [DEBUG] header - >> "Host: www15.thewebsite.com[\r][\n]"
> [DEBUG] header - >> "Cookie: $Version=0;
> JSESSIONID_EipPortal=0000mLmTcpbsjFKfBC_pcL6gqDY:12lm4ui6e; $Path=/;
> $Domain=.thewebsite.com[\r][\n]"
> [DEBUG] header - >> "[\r][\n]"
> [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
> [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
> [DEBUG] header - << "Date: Fri, 23 Jan 2009 16:23:41 GMT[\r][\n]"
> [DEBUG] header - << "Server: Apache/2.0.50 (Unix)[\r][\n]"
> [DEBUG] header - << "Pragma: No-cache[\r][\n]"
> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
> [DEBUG] header - << "Expires: Thu, 01 Jan 1970 00:00:00 GMT[\r][\n]"
> [DEBUG] header - << "Set-Cookie:
> JSESSIONID_css_plt=0000fC1rGr1GlfxozjOkvsNuePD:12m5redv2; Path=/;
> Domain=.thewebsite.com; Secure[\r][\n]"
> [DEBUG] header - << "Set-Cookie:
> JSESSIONID_css_plt=0000Z1Wyo3vVzZIISgLIa68SUDD:12m5redv2; Path=/;
> Domain=.thewebsite.com; Secure[\r][\n]"
> [DEBUG] header - << "Transfer-Encoding: chunked[\r][\n]"
> [DEBUG] header - << "Content-Type: text/html; charset=ISO-8859-1[\r][\n]"
> [DEBUG] header - << "Content-Language: en-US[\r][\n]"
> [DEBUG] header - << "[\r][\n]"
> [DEBUG] HttpMethodBase - Cookie accepted: "$Version=0;
> JSESSIONID_css_plt=0000fC1rGr1GlfxozjOkvsNuePD:12m5redv2; $Path=/;
> $Domain=.thewebsite.com"
> [DEBUG] HttpMethodBase - Cookie accepted: "$Version=0;
> JSESSIONID_css_plt=0000Z1Wyo3vVzZIISgLIa68SUDD:12m5redv2; $Path=/;
> $Domain=.thewebsite.com"
> [WARN] HttpMethodBase - Going to buffer response body of large or unknown
> size. Using getResponseBodyAsStream instead is recommended.
> [DEBUG] HttpMethodBase - Buffering response body
> [DEBUG] header - << "[\r][\n]"
> [DEBUG] HttpMethodBase - Resorting to protocol version default close
> connection policy
> [DEBUG] HttpMethodBase - Should NOT close connection, using HTTP/1.1
> [DEBUG] HttpConnection - Releasing connection back to connection manager.
> 
> 
> And then my next post to a different page on the site:
> 
> [DEBUG] header - >> "Host: www15.thewebsite.com[\r][\n]"
> [DEBUG] header - >> "Cookie: $Version=0;
> JSESSIONID_EipPortal=0000mLmTcpbsjFKfBC_pcL6gqDY:12lm4ui6e; $Path=/;
> $Domain=.thewebsite.com[\r][\n]"
> [DEBUG] header - >> "Cookie: $Version=0;
> JSESSIONID_css_plt=0000Z1Wyo3vVzZIISgLIa68SUDD:12m5redv2; $Path=/;
> $Domain=.thewebsite.com[\r][\n]"
> [DEBUG] header - >> "Content-Length: 53[\r][\n]"
> [DEBUG] header - >> "Content-Type:
> application/x-www-form-urlencoded[\r][\n]"
> [DEBUG] header - >> "[\r][\n]"
> [DEBUG] EntityEnclosingMethod - Request body sent
> [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
> [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
> [DEBUG] header - << "Date: Fri, 23 Jan 2009 16:23:41 GMT[\r][\n]"
> [DEBUG] header - << "Server: Apache/2.0.50 (Unix)[\r][\n]"
> [DEBUG] header - << "Pragma: No-cache[\r][\n]"
> [DEBUG] header - << "Cache-Control: no-cache[\r][\n]"
> [DEBUG] header - << "Expires: Thu, 01 Jan 1970 00:00:00 GMT[\r][\n]"
> [DEBUG] header - << "Set-Cookie:
> JSESSIONID_css_plt=0000TNVzKbFJjorCKNqwpQ1CHAi:12m5redv2; Path=/;
> Domain=.thewebsite.com; Secure[\r][\n]"
> [DEBUG] header - << "Transfer-Encoding: chunked[\r][\n]"
> [DEBUG] header - << "Content-Type: text/html; charset=ISO-8859-1[\r][\n]"
> [DEBUG] header - << "Content-Language: en-US[\r][\n]"
> [DEBUG] header - << "[\r][\n]"
> [DEBUG] HttpMethodBase - Cookie accepted: "$Version=0;
> JSESSIONID_css_plt=0000TNVzKbFJjorCKNqwpQ1CHAi:12m5redv2; $Path=/;
> $Domain=.thewebsite.com"
> [WARN] HttpMethodBase - Going to buffer response body of large or unknown
> size. Using getResponseBodyAsStream instead is recommended.
> [DEBUG] HttpMethodBase - Buffering response body
> [DEBUG] header - << "[\r][\n]"
> [DEBUG] HttpMethodBase - Resorting to protocol version default close
> connection policy
> [DEBUG] HttpMethodBase - Should NOT close connection, using HTTP/1.1
> [DEBUG] HttpConnection - Releasing connection back to connection manager.
> 
> 
> So, my assumption is that since the server is resending the
> JSESSIONID_css_plt cookie, that it is considering my session to be expired.
> 
> What do I do next?
> 
> Rick

Rick,

I suspect RFC2109 compliant cookie format may be a problem. Consider
using the so called browser compatibility spec and also set the
'http.protocol.single-cookie-header' parameter to true

http://hc.apache.org/httpclient-3.x/cookies.html

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message