You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by nzaghini <nz...@gmail.com> on 2007/10/08 16:05:11 UTC

problem with https and cookies based session

Hi,
i have a problem with https and cookies based sessioning system.
I've just added the following line of code to my component exploiting
httpclient

    Protocol easyhttps = new Protocol("https",
EasySSLProtocolSocketFactory(), 443);
    Protocol.registerProtocol("https", easyhttps);

All the classes used here comes from the httpclient home site.

What i need, and it works fine without ssl, is to make several request with
the same HttpState obejct to let the session go ahead..

So, while i try to invoke the executeMethod several times like this:

int statusCode = client.executeMethod(client.getHostConfiguration(), method,
state);
int statusCode = client.executeMethod(client.getHostConfiguration(), method,
state);
int statusCode = client.executeMethod(client.getHostConfiguration(), method,
state);

the state obect (instance of HttpState class)  always chage, so i cannot go
ahead in the application session and all the time i'm in the same situation.

Thanks million for your help!
nicola
-- 
View this message in context: http://www.nabble.com/problem-with-https-and-cookies-based-session-tf4588385.html#a13097295
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Fri, 2007-10-12 at 01:18 -0700, nzaghini wrote:
> Oleg you win your bet! Thanks million, now it works fine..
> The really last last question is: there is a better way to do this? (i mean
> instead of making the cast):
> 

No, not with HttpClient 3.x. 

Oleg


> EasySSLProtocolSocketFactory epsf = new EasySSLProtocolSocketFactory();
> Protocol easyhttps = new Protocol("https", (ProtocolSocketFactory)epsf,
> 443);
> 
> because the constructor:
> 
> public Protocol(String scheme,
>                 SecureProtocolSocketFactory factory,
>                 int defaultPort) 
> 
> is deprecated..
> 
> Thanks again!
> nicola
> 
> 
> olegk wrote:
> > 
> > On Thu, 2007-10-11 at 09:12 -0700, nzaghini wrote:
> >> Hi Oleg,
> >> this is what you asked me, of course running the same code just changing
> >> protocol and port.
> >> 
> > 
> > Nicola
> > 
> > I bet your EasySSLProtocolSocketFactory does not implement
> > SecureProtocolSocketFactory interface. No wonder HttpClient refuses to
> > send secure cookies over a connection it considers insecure.
> > 
> > Oleg
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> > 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by nzaghini <nz...@gmail.com>.

Oleg you win your bet! Thanks million, now it works fine..
The really last last question is: there is a better way to do this? (i mean
instead of making the cast):

EasySSLProtocolSocketFactory epsf = new EasySSLProtocolSocketFactory();
Protocol easyhttps = new Protocol("https", (ProtocolSocketFactory)epsf,
443);

because the constructor:

public Protocol(String scheme,
                SecureProtocolSocketFactory factory,
                int defaultPort) 

is deprecated..

Thanks again!
nicola


olegk wrote:
> 
> On Thu, 2007-10-11 at 09:12 -0700, nzaghini wrote:
>> Hi Oleg,
>> this is what you asked me, of course running the same code just changing
>> protocol and port.
>> 
> 
> Nicola
> 
> I bet your EasySSLProtocolSocketFactory does not implement
> SecureProtocolSocketFactory interface. No wonder HttpClient refuses to
> send secure cookies over a connection it considers insecure.
> 
> Oleg
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/problem-with-https-and-cookies-based-session-tf4588385.html#a13170949
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Thu, 2007-10-11 at 09:12 -0700, nzaghini wrote:
> Hi Oleg,
> this is what you asked me, of course running the same code just changing
> protocol and port.
> 

Nicola

I bet your EasySSLProtocolSocketFactory does not implement
SecureProtocolSocketFactory interface. No wonder HttpClient refuses to
send secure cookies over a connection it considers insecure.

Oleg

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by nzaghini <nz...@gmail.com>.

Hi Oleg,
this is what you asked me, of course running the same code just changing
protocol and port.

*** HTTP ***
2007/10/11 17:08:35:734 IST [DEBUG] HttpClient - Java version: 1.6.0_02
2007/10/11 17:08:35:734 IST [DEBUG] HttpClient - Java vendor: Sun
Microsystems Inc.
2007/10/11 17:08:35:734 IST [DEBUG] HttpClient - Java class path:
C:\developer\workspace\transformer-client\bin;C:\developer\eclipseTPTP\plugins\org.junit4_4.3.1\junit.jar;C:\developer\workspace\transformer-client\lib\commons-logging-1.1.jar;C:\developer\workspace\transformer-client\lib\log4j-1.2.14.jar;C:\developer\workspace\transformer-client\lib\axiom\axiom-api-1.2.5.jar;C:\developer\workspace\transformer-client\lib\axiom\axiom-impl-1.2.5.jar;C:\developer\workspace\transformer-client\lib\axiom\jaxen-1.1-beta-9.jar;C:\developer\workspace\transformer-client\lib\axiom\stax-api-1.0.1.jar;C:\developer\workspace\transformer-client\lib\axiom\xml-apis-1.3.03.jar;C:\developer\workspace\transformer-client\lib\httpclient\commons-codec-1.3.jar;C:\developer\workspace\transformer-client\lib\httpclient\commons-httpclient-3.1.jar;C:\developer\workspace\transformer-client\lib\spring\spring.jar;C:\developer\workspace\transformer-client\lib\tagsoup\tagsoup-1.1.3.jar;C:\developer\workspace\transformer-client\lib\spring\quartz-1.5.2.jar;C:\developer\workspace\transformer-client\lib\JCS\concurrent.jar;C:\developer\workspace\transformer-client\lib\JCS\jcs-1.2.7.9.jar
2007/10/11 17:08:35:750 IST [DEBUG] HttpClient - Operating system name:
Windows XP
2007/10/11 17:08:35:750 IST [DEBUG] HttpClient - Operating system
architecture: x86
2007/10/11 17:08:35:750 IST [DEBUG] HttpClient - Operating system version:
5.1
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SUN 1.6: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy;
JavaLoginConfig Configuration)
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
signature provider
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunJSSE 1.6: Sun JSSE
provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunJCE 1.6: SunJCE Provider
(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE,
Diffie-Hellman, HMAC)
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunJGSS 1.0: Sun (Kerberos
v5, SPNEGO)
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - XMLDSig 1.0: XMLDSig (DOM
XMLSignatureFactory; DOM KeyInfoFactory)
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunPCSC 1.6: Sun PC/SC
provider
2007/10/11 17:08:35:796 IST [DEBUG] HttpClient - SunMSCAPI 1.6: Sun's
Microsoft Crypto API provider
2007/10/11 17:08:35:796 IST [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.1
2007/10/11 17:08:35:796 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2007/10/11 17:08:35:796 IST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2007/10/11 17:08:35:796 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = default
2007/10/11 17:08:35:796 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2007/10/11 17:08:35:796 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2007/10/11 17:08:35:812 IST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@1a73d3c
2007/10/11 17:08:35:812 IST [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss
z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2007/10/11 17:08:35:812 IST [DEBUG] DefaultHttpParams - Set parameter
http.useragent =  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB;
rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
2007/10/11 17:08:35:828 IST [DEBUG] DefaultHttpParams - Set parameter
http.tcp.nodelay = true
2007/10/11 17:08:35:828 IST [DEBUG] DefaultHttpParams - Set parameter
http.connection.stalecheck = false
2007/10/11 17:08:35:828 IST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.max-per-host = {HostConfiguration[]=100}
2007/10/11 17:08:35:828 IST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@b0f13d
2007/10/11 17:08:35:843 IST [DEBUG] HttpConnection - Open connection to
nicola:8080
2007/10/11 17:08:35:859 IST [DEBUG] header - >> "GET /ssp/ HTTP/1.1[\r][\n]"
2007/10/11 17:08:35:859 IST [DEBUG] HttpMethodBase - Adding Host request
header
2007/10/11 17:08:35:859 IST [DEBUG] header - >> "User-Agent:  Mozilla/5.0
(Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) Gecko/20070914
Firefox/2.0.0.7[\r][\n]"
2007/10/11 17:08:35:859 IST [DEBUG] header - >> "Host: nicola:8080[\r][\n]"
2007/10/11 17:08:35:859 IST [DEBUG] header - >> "[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Server:
Apache-Coyote/1.1[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Set-Cookie:
JSESSIONID=8F3B44D410B43CAF8B908F00255A756A; Path=/ssp[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Content-Type:
text/html;charset=ISO-8859-1[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Content-Length: 3[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Date: Thu, 11 Oct 2007
16:08:35 GMT[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Cookie accepted:
"$Version=0; JSESSIONID=8F3B44D410B43CAF8B908F00255A756A; $Path=/ssp"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Buffering response body
2007/10/11 17:08:35:875 IST [DEBUG] content - << "[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] content - << "0"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Resorting to protocol
version default close connection policy
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2007/10/11 17:08:35:875 IST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "GET /ssp/ HTTP/1.1[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Adding Host request
header
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "User-Agent:  Mozilla/5.0
(Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) Gecko/20070914
Firefox/2.0.0.7[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "Host: nicola:8080[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "Cookie: $Version=0;
JSESSIONID=8F3B44D410B43CAF8B908F00255A756A; $Path=/ssp[\r][\n]"

0
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Server:
Apache-Coyote/1.1[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Content-Type:
text/html;charset=ISO-8859-1[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Content-Length: 3[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "Date: Thu, 11 Oct 2007
16:08:35 GMT[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - << "[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Buffering response body
2007/10/11 17:08:35:875 IST [DEBUG] content - << "[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] content - << "1"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Resorting to protocol
version default close connection policy
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2007/10/11 17:08:35:875 IST [DEBUG] HttpConnection - Releasing connection
back to connection manager.

1
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "GET /ssp/ HTTP/1.1[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] HttpMethodBase - Adding Host request
header
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "User-Agent:  Mozilla/5.0
(Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) Gecko/20070914
Firefox/2.0.0.7[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "Host: nicola:8080[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "Cookie: $Version=0;
JSESSIONID=8F3B44D410B43CAF8B908F00255A756A; $Path=/ssp[\r][\n]"
2007/10/11 17:08:35:875 IST [DEBUG] header - >> "[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "Server:
Apache-Coyote/1.1[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "Content-Type:
text/html;charset=ISO-8859-1[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "Content-Length: 3[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "Date: Thu, 11 Oct 2007
16:08:35 GMT[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] header - << "[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] HttpMethodBase - Buffering response body
2007/10/11 17:08:35:890 IST [DEBUG] content - << "[\r][\n]"
2007/10/11 17:08:35:890 IST [DEBUG] content - << "2"
2

2007/10/11 17:08:35:890 IST [DEBUG] HttpMethodBase - Resorting to protocol
version default close connection policy
2007/10/11 17:08:35:890 IST [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2007/10/11 17:08:35:890 IST [DEBUG] HttpConnection - Releasing connection
back to connection manager.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** HTTPS ***

2007/10/11 17:09:28:578 IST [DEBUG] HttpClient - Java version: 1.6.0_02
2007/10/11 17:09:28:578 IST [DEBUG] HttpClient - Java vendor: Sun
Microsystems Inc.
2007/10/11 17:09:28:578 IST [DEBUG] HttpClient - Java class path:
C:\developer\workspace\transformer-client\bin;C:\developer\eclipseTPTP\plugins\org.junit4_4.3.1\junit.jar;C:\developer\workspace\transformer-client\lib\commons-logging-1.1.jar;C:\developer\workspace\transformer-client\lib\log4j-1.2.14.jar;C:\developer\workspace\transformer-client\lib\axiom\axiom-api-1.2.5.jar;C:\developer\workspace\transformer-client\lib\axiom\axiom-impl-1.2.5.jar;C:\developer\workspace\transformer-client\lib\axiom\jaxen-1.1-beta-9.jar;C:\developer\workspace\transformer-client\lib\axiom\stax-api-1.0.1.jar;C:\developer\workspace\transformer-client\lib\axiom\xml-apis-1.3.03.jar;C:\developer\workspace\transformer-client\lib\httpclient\commons-codec-1.3.jar;C:\developer\workspace\transformer-client\lib\httpclient\commons-httpclient-3.1.jar;C:\developer\workspace\transformer-client\lib\spring\spring.jar;C:\developer\workspace\transformer-client\lib\tagsoup\tagsoup-1.1.3.jar;C:\developer\workspace\transformer-client\lib\spring\quartz-1.5.2.jar;C:\developer\workspace\transformer-client\lib\JCS\concurrent.jar;C:\developer\workspace\transformer-client\lib\JCS\jcs-1.2.7.9.jar
2007/10/11 17:09:28:578 IST [DEBUG] HttpClient - Operating system name:
Windows XP
2007/10/11 17:09:28:578 IST [DEBUG] HttpClient - Operating system
architecture: x86
2007/10/11 17:09:28:578 IST [DEBUG] HttpClient - Operating system version:
5.1
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SUN 1.6: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy;
JavaLoginConfig Configuration)
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
signature provider
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunJSSE 1.6: Sun JSSE
provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunJCE 1.6: SunJCE Provider
(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE,
Diffie-Hellman, HMAC)
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunJGSS 1.0: Sun (Kerberos
v5, SPNEGO)
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - XMLDSig 1.0: XMLDSig (DOM
XMLSignatureFactory; DOM KeyInfoFactory)
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunPCSC 1.6: Sun PC/SC
provider
2007/10/11 17:09:28:640 IST [DEBUG] HttpClient - SunMSCAPI 1.6: Sun's
Microsoft Crypto API provider
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.1
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = default
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@1a73d3c
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy
HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE,
dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss
z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy
HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z,
EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
2007/10/11 17:09:28:640 IST [DEBUG] DefaultHttpParams - Set parameter
http.useragent =  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB;
rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
2007/10/11 17:09:28:671 IST [DEBUG] DefaultHttpParams - Set parameter
http.tcp.nodelay = true
2007/10/11 17:09:28:671 IST [DEBUG] DefaultHttpParams - Set parameter
http.connection.stalecheck = false
2007/10/11 17:09:28:671 IST [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.max-per-host = {HostConfiguration[]=100}
2007/10/11 17:09:28:671 IST [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@b0f13d
2007/10/11 17:09:28:671 IST [DEBUG] HttpConnection - Open connection to
nicola:8443
2007/10/11 17:09:28:843 IST [DEBUG] header - >> "GET /ssp/ HTTP/1.1[\r][\n]"
2007/10/11 17:09:28:843 IST [DEBUG] HttpMethodBase - Adding Host request
header
2007/10/11 17:09:28:843 IST [DEBUG] header - >> "User-Agent:  Mozilla/5.0
(Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) Gecko/20070914
Firefox/2.0.0.7[\r][\n]"
2007/10/11 17:09:28:843 IST [DEBUG] header - >> "Host: nicola:8443[\r][\n]"
2007/10/11 17:09:28:843 IST [DEBUG] header - >> "[\r][\n]"
2007/10/11 17:09:28:875 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:09:28:875 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:09:28:875 IST [DEBUG] header - << "Server:
Apache-Coyote/1.1[\r][\n]"
2007/10/11 17:09:28:875 IST [DEBUG] header - << "Set-Cookie:
JSESSIONID=8E9B140A1D5365F99021565BDF53CE50; Path=/ssp; Secure[\r][\n]"
2007/10/11 17:09:28:875 IST [DEBUG] header - << "Content-Type:
text/html;charset=ISO-8859-1[\r][\n]"
2007/10/11 17:09:28:875 IST [DEBUG] header - << "Content-Length: 3[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Date: Thu, 11 Oct 2007
16:09:28 GMT[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Cookie accepted:
"$Version=0; JSESSIONID=8E9B140A1D5365F99021565BDF53CE50; $Path=/ssp"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Buffering response body
2007/10/11 17:09:28:890 IST [DEBUG] content - << "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] content - << "0"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Resorting to protocol
version default close connection policy
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
0

2007/10/11 17:09:28:890 IST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "GET /ssp/ HTTP/1.1[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Adding Host request
header
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "User-Agent:  Mozilla/5.0
(Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) Gecko/20070914
Firefox/2.0.0.7[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "Host: nicola:8443[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Server:
Apache-Coyote/1.1[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Set-Cookie:
JSESSIONID=0B1ECE3AB1E95C9D1409928A072C1A32; Path=/ssp; Secure[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Content-Type:
text/html;charset=ISO-8859-1[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Content-Length: 3[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Date: Thu, 11 Oct 2007
16:09:28 GMT[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Cookie accepted:
"$Version=0; JSESSIONID=0B1ECE3AB1E95C9D1409928A072C1A32; $Path=/ssp"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Buffering response body
2007/10/11 17:09:28:890 IST [DEBUG] content - << "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] content - << "0"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Resorting to protocol
version default close connection policy
0

2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2007/10/11 17:09:28:890 IST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "GET /ssp/ HTTP/1.1[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Adding Host request
header
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "User-Agent:  Mozilla/5.0
(Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7) Gecko/20070914
Firefox/2.0.0.7[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "Host: nicola:8443[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - >> "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Server:
Apache-Coyote/1.1[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Set-Cookie:
JSESSIONID=5CFEA4AF7874FE652AA5FDC6562FED32; Path=/ssp; Secure[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Content-Type:
text/html;charset=ISO-8859-1[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Content-Length: 3[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "Date: Thu, 11 Oct 2007
16:09:28 GMT[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] header - << "[\r][\n]"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Cookie accepted:
"$Version=0; JSESSIONID=5CFEA4AF7874FE652AA5FDC6562FED32; $Path=/ssp"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Buffering response body
2007/10/11 17:09:28:890 IST [DEBUG] content - << "[\r][\n]"

0
2007/10/11 17:09:28:890 IST [DEBUG] content - << "0"
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Resorting to protocol
version default close connection policy
2007/10/11 17:09:28:890 IST [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2007/10/11 17:09:28:890 IST [DEBUG] HttpConnection - Releasing connection
back to connection manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks again!
nicola



olegk wrote:
> 
> On Wed, 2007-10-10 at 08:49 -0700, nzaghini wrote:
>> I am really sorry my code before was incomplete, and of course it didn't
>> make
>> sense, unfortunately is not so easy.. (the get method was wrong too, i
>> apologize)
>> 
>> >HttpClient client = new HttpClient();
>> > client.getParams().setParameter(HttpMethodParams.USER_AGENT,
>> >         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
>> > Gecko/20070914 Firefox/2.0.0.7");
>> > 
>> > Protocol easyhttps = new Protocol("https", new
>> > EasySSLProtocolSocketFactory(), 443);
>> > Protocol.registerProtocol("https", easyhttps);
>> > 
>> 
>> GetMethod method = new GetMethod("https://nicola:8443/ssp/");
>> 
>> > method.setDoAuthentication(true); // tryed with and without
>> > 
>> > HttpState state = new HttpState();
>> 
>> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> method,
>> state);
>> String responseBody = method.getResponseBodyAsString();
>> 
>> 
>> statusCode = client.executeMethod(client.getHostConfiguration(), method,
>> state);
>> responseBody = method.getResponseBodyAsString();
>> 
>> 
>> statusCode = client.executeMethod(client.getHostConfiguration(), method,
>> state);
>> responseBody = method.getResponseBodyAsString();
>> 
>> 
>> I think this code should be fine to let my session go ahead, but putting
>> break-point among invocations i can clearly see the content (session id)
>> of
>> the state object change after every invocation, and this makes my counter
>> service on https://nicola:8443/ssp/ answer with the number 0 every
>> invocation.
>> 
>> Of course the behavior change if i use http://nicola:8080/ssp/ as target
>> page, it means that the result is 0, 1, 2 and the state object shows a
>> session id never changing.
>> 
>> Thanks for your help.
>> nicola
>> 
>> 
> 
> Nicola
> 
> Aha! The _session ID_ always changes, not the HttpState instance.
> 
> Please post two wire/context logs (one for a plain connection and
> another one for https)
> 
> http://jakarta.apache.org/httpcomponents/httpclient-3.x/logging.html
> 
> Oleg
> 
>> 
>> 
>> 
>> olegk wrote:
>> > 
>> > On Wed, 2007-10-10 at 07:57 -0700, nzaghini wrote:
>> >> >There is no difference between plain http or https as far as the
>> cookie
>> >> >based state management is concerned. 
>> >> 
>> >> I am completely agree with you, but the result of my invocations seems
>> to
>> >> be
>> >> different from the normal/logic/expected behavior..
>> >> 
>> >> >Why does it always change?
>> >> 
>> >> This is the question, i can't figure out why it change all the time.
>> >> To let you better understand the situation i paste here my entire
>> code,
>> >> because maybe the problem is so macroscopic that i can't see it being
>> too
>> >> close..
>> >> 
>> >> I forgot to tell you that using the basic https support everithing
>> works
>> >> fine, but i need to work even with self-signed servers, and this is
>> the
>> >> solution suggested by HttpClient Jakarta site.
>> >> 
>> >> HttpClient client = new HttpClient();
>> >> client.getParams().setParameter(HttpMethodParams.USER_AGENT,
>> >>         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
>> >> Gecko/20070914 Firefox/2.0.0.7");
>> >> 
>> >> Protocol easyhttps = new Protocol("https", new
>> >> EasySSLProtocolSocketFactory(), 443);
>> >> Protocol.registerProtocol("https", easyhttps);
>> >> 
>> >> GetMethod method = new GetMethod("http://nicola:8080/ssp/");
>> >> method.setDoAuthentication(true); // tryed with and without
>> >> 
>> > =====================================
>> >> HttpState state = new HttpState();
>> >> 
>> >> client.setState(state); 
>> > ====================================
>> > Nicola,
>> > 
>> > You are creating a new instance of HttpState for _each_ request thus
>> > effectively discarding all cookies stored previously. No wonder
>> sessions
>> > do not 'stick'.
>> > 
>> > Oleg
>> > 
>> > 
>> >> // tryed with and without
>> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> >> method,
>> >> null); //tryed with state instead of null
>> >> 
>> >> Thanks!
>> >> nicola
>> >> 
>> >> 
>> >> olegk wrote:
>> >> > 
>> >> > On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
>> >> >> Hi,
>> >> >> i have a problem with https and cookies based sessioning system.
>> >> > 
>> >> > There is no difference between plain http or https as far as the
>> cookie
>> >> > based state management is concerned.  
>> >> > 
>> >> >> I've just added the following line of code to my component
>> exploiting
>> >> >> httpclient
>> >> >> 
>> >> >>     Protocol easyhttps = new Protocol("https",
>> >> >> EasySSLProtocolSocketFactory(), 443);
>> >> >>     Protocol.registerProtocol("https", easyhttps);
>> >> >> 
>> >> >> All the classes used here comes from the httpclient home site.
>> >> >> 
>> >> >> What i need, and it works fine without ssl, is to make several
>> request
>> >> >> with
>> >> >> the same HttpState obejct to let the session go ahead..
>> >> >> 
>> >> >> So, while i try to invoke the executeMethod several times like
>> this:
>> >> >> 
>> >> >> int statusCode =
>> client.executeMethod(client.getHostConfiguration(),
>> >> >> method,
>> >> >> state);
>> >> >> int statusCode =
>> client.executeMethod(client.getHostConfiguration(),
>> >> >> method,
>> >> >> state);
>> >> >> int statusCode =
>> client.executeMethod(client.getHostConfiguration(),
>> >> >> method,
>> >> >> state);
>> >> >> 
>> >> >> the state obect (instance of HttpState class)  always chage, 
>> >> > 
>> >> > Why does it always change?
>> >> > 
>> >> > Oleg
>> >> > 
>> >> >> so i cannot go
>> >> >> ahead in the application session and all the time i'm in the same
>> >> >> situation.
>> >> >> 
>> >> >> Thanks million for your help!
>> >> >> nicola
>> >> > 
>> >> > 
>> >> >
>> ---------------------------------------------------------------------
>> >> > To unsubscribe, e-mail:
>> httpclient-user-unsubscribe@jakarta.apache.org
>> >> > For additional commands, e-mail:
>> >> httpclient-user-help@jakarta.apache.org
>> >> > 
>> >> > 
>> >> > 
>> >> 
>> > 
>> > 
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> > For additional commands, e-mail:
>> httpclient-user-help@jakarta.apache.org
>> > 
>> > 
>> > 
>> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/problem-with-https-and-cookies-based-session-tf4588385.html#a13159218
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Wed, 2007-10-10 at 08:49 -0700, nzaghini wrote:
> I am really sorry my code before was incomplete, and of course it didn't make
> sense, unfortunately is not so easy.. (the get method was wrong too, i
> apologize)
> 
> >HttpClient client = new HttpClient();
> > client.getParams().setParameter(HttpMethodParams.USER_AGENT,
> >         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
> > Gecko/20070914 Firefox/2.0.0.7");
> > 
> > Protocol easyhttps = new Protocol("https", new
> > EasySSLProtocolSocketFactory(), 443);
> > Protocol.registerProtocol("https", easyhttps);
> > 
> 
> GetMethod method = new GetMethod("https://nicola:8443/ssp/");
> 
> > method.setDoAuthentication(true); // tryed with and without
> > 
> > HttpState state = new HttpState();
> 
> int statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> String responseBody = method.getResponseBodyAsString();
> 
> 
> statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> responseBody = method.getResponseBodyAsString();
> 
> 
> statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> responseBody = method.getResponseBodyAsString();
> 
> 
> I think this code should be fine to let my session go ahead, but putting
> break-point among invocations i can clearly see the content (session id) of
> the state object change after every invocation, and this makes my counter
> service on https://nicola:8443/ssp/ answer with the number 0 every
> invocation.
> 
> Of course the behavior change if i use http://nicola:8080/ssp/ as target
> page, it means that the result is 0, 1, 2 and the state object shows a
> session id never changing.
> 
> Thanks for your help.
> nicola
> 
> 

Nicola

Aha! The _session ID_ always changes, not the HttpState instance.

Please post two wire/context logs (one for a plain connection and
another one for https)

http://jakarta.apache.org/httpcomponents/httpclient-3.x/logging.html

Oleg

> 
> 
> 
> olegk wrote:
> > 
> > On Wed, 2007-10-10 at 07:57 -0700, nzaghini wrote:
> >> >There is no difference between plain http or https as far as the cookie
> >> >based state management is concerned. 
> >> 
> >> I am completely agree with you, but the result of my invocations seems to
> >> be
> >> different from the normal/logic/expected behavior..
> >> 
> >> >Why does it always change?
> >> 
> >> This is the question, i can't figure out why it change all the time.
> >> To let you better understand the situation i paste here my entire code,
> >> because maybe the problem is so macroscopic that i can't see it being too
> >> close..
> >> 
> >> I forgot to tell you that using the basic https support everithing works
> >> fine, but i need to work even with self-signed servers, and this is the
> >> solution suggested by HttpClient Jakarta site.
> >> 
> >> HttpClient client = new HttpClient();
> >> client.getParams().setParameter(HttpMethodParams.USER_AGENT,
> >>         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
> >> Gecko/20070914 Firefox/2.0.0.7");
> >> 
> >> Protocol easyhttps = new Protocol("https", new
> >> EasySSLProtocolSocketFactory(), 443);
> >> Protocol.registerProtocol("https", easyhttps);
> >> 
> >> GetMethod method = new GetMethod("http://nicola:8080/ssp/");
> >> method.setDoAuthentication(true); // tryed with and without
> >> 
> > =====================================
> >> HttpState state = new HttpState();
> >> 
> >> client.setState(state); 
> > ====================================
> > Nicola,
> > 
> > You are creating a new instance of HttpState for _each_ request thus
> > effectively discarding all cookies stored previously. No wonder sessions
> > do not 'stick'.
> > 
> > Oleg
> > 
> > 
> >> // tryed with and without
> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> method,
> >> null); //tryed with state instead of null
> >> 
> >> Thanks!
> >> nicola
> >> 
> >> 
> >> olegk wrote:
> >> > 
> >> > On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
> >> >> Hi,
> >> >> i have a problem with https and cookies based sessioning system.
> >> > 
> >> > There is no difference between plain http or https as far as the cookie
> >> > based state management is concerned.  
> >> > 
> >> >> I've just added the following line of code to my component exploiting
> >> >> httpclient
> >> >> 
> >> >>     Protocol easyhttps = new Protocol("https",
> >> >> EasySSLProtocolSocketFactory(), 443);
> >> >>     Protocol.registerProtocol("https", easyhttps);
> >> >> 
> >> >> All the classes used here comes from the httpclient home site.
> >> >> 
> >> >> What i need, and it works fine without ssl, is to make several request
> >> >> with
> >> >> the same HttpState obejct to let the session go ahead..
> >> >> 
> >> >> So, while i try to invoke the executeMethod several times like this:
> >> >> 
> >> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> >> method,
> >> >> state);
> >> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> >> method,
> >> >> state);
> >> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> >> method,
> >> >> state);
> >> >> 
> >> >> the state obect (instance of HttpState class)  always chage, 
> >> > 
> >> > Why does it always change?
> >> > 
> >> > Oleg
> >> > 
> >> >> so i cannot go
> >> >> ahead in the application session and all the time i'm in the same
> >> >> situation.
> >> >> 
> >> >> Thanks million for your help!
> >> >> nicola
> >> > 
> >> > 
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> >> > For additional commands, e-mail:
> >> httpclient-user-help@jakarta.apache.org
> >> > 
> >> > 
> >> > 
> >> 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> > 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by nzaghini <nz...@gmail.com>.

I am really sorry my code before was incomplete, and of course it didn't make
sense, unfortunately is not so easy.. (the get method was wrong too, i
apologize)

>HttpClient client = new HttpClient();
> client.getParams().setParameter(HttpMethodParams.USER_AGENT,
>         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
> Gecko/20070914 Firefox/2.0.0.7");
> 
> Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
> Protocol.registerProtocol("https", easyhttps);
> 

GetMethod method = new GetMethod("https://nicola:8443/ssp/");

> method.setDoAuthentication(true); // tryed with and without
> 
> HttpState state = new HttpState();

int statusCode = client.executeMethod(client.getHostConfiguration(), method,
state);
String responseBody = method.getResponseBodyAsString();


statusCode = client.executeMethod(client.getHostConfiguration(), method,
state);
responseBody = method.getResponseBodyAsString();


statusCode = client.executeMethod(client.getHostConfiguration(), method,
state);
responseBody = method.getResponseBodyAsString();


I think this code should be fine to let my session go ahead, but putting
break-point among invocations i can clearly see the content (session id) of
the state object change after every invocation, and this makes my counter
service on https://nicola:8443/ssp/ answer with the number 0 every
invocation.

Of course the behavior change if i use http://nicola:8080/ssp/ as target
page, it means that the result is 0, 1, 2 and the state object shows a
session id never changing.

Thanks for your help.
nicola





olegk wrote:
> 
> On Wed, 2007-10-10 at 07:57 -0700, nzaghini wrote:
>> >There is no difference between plain http or https as far as the cookie
>> >based state management is concerned. 
>> 
>> I am completely agree with you, but the result of my invocations seems to
>> be
>> different from the normal/logic/expected behavior..
>> 
>> >Why does it always change?
>> 
>> This is the question, i can't figure out why it change all the time.
>> To let you better understand the situation i paste here my entire code,
>> because maybe the problem is so macroscopic that i can't see it being too
>> close..
>> 
>> I forgot to tell you that using the basic https support everithing works
>> fine, but i need to work even with self-signed servers, and this is the
>> solution suggested by HttpClient Jakarta site.
>> 
>> HttpClient client = new HttpClient();
>> client.getParams().setParameter(HttpMethodParams.USER_AGENT,
>>         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
>> Gecko/20070914 Firefox/2.0.0.7");
>> 
>> Protocol easyhttps = new Protocol("https", new
>> EasySSLProtocolSocketFactory(), 443);
>> Protocol.registerProtocol("https", easyhttps);
>> 
>> GetMethod method = new GetMethod("http://nicola:8080/ssp/");
>> method.setDoAuthentication(true); // tryed with and without
>> 
> =====================================
>> HttpState state = new HttpState();
>> 
>> client.setState(state); 
> ====================================
> Nicola,
> 
> You are creating a new instance of HttpState for _each_ request thus
> effectively discarding all cookies stored previously. No wonder sessions
> do not 'stick'.
> 
> Oleg
> 
> 
>> // tryed with and without
>> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> method,
>> null); //tryed with state instead of null
>> 
>> Thanks!
>> nicola
>> 
>> 
>> olegk wrote:
>> > 
>> > On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
>> >> Hi,
>> >> i have a problem with https and cookies based sessioning system.
>> > 
>> > There is no difference between plain http or https as far as the cookie
>> > based state management is concerned.  
>> > 
>> >> I've just added the following line of code to my component exploiting
>> >> httpclient
>> >> 
>> >>     Protocol easyhttps = new Protocol("https",
>> >> EasySSLProtocolSocketFactory(), 443);
>> >>     Protocol.registerProtocol("https", easyhttps);
>> >> 
>> >> All the classes used here comes from the httpclient home site.
>> >> 
>> >> What i need, and it works fine without ssl, is to make several request
>> >> with
>> >> the same HttpState obejct to let the session go ahead..
>> >> 
>> >> So, while i try to invoke the executeMethod several times like this:
>> >> 
>> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> >> method,
>> >> state);
>> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> >> method,
>> >> state);
>> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> >> method,
>> >> state);
>> >> 
>> >> the state obect (instance of HttpState class)  always chage, 
>> > 
>> > Why does it always change?
>> > 
>> > Oleg
>> > 
>> >> so i cannot go
>> >> ahead in the application session and all the time i'm in the same
>> >> situation.
>> >> 
>> >> Thanks million for your help!
>> >> nicola
>> > 
>> > 
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>> > For additional commands, e-mail:
>> httpclient-user-help@jakarta.apache.org
>> > 
>> > 
>> > 
>> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/problem-with-https-and-cookies-based-session-tf4588385.html#a13138543
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Wed, 2007-10-10 at 07:57 -0700, nzaghini wrote:
> >There is no difference between plain http or https as far as the cookie
> >based state management is concerned. 
> 
> I am completely agree with you, but the result of my invocations seems to be
> different from the normal/logic/expected behavior..
> 
> >Why does it always change?
> 
> This is the question, i can't figure out why it change all the time.
> To let you better understand the situation i paste here my entire code,
> because maybe the problem is so macroscopic that i can't see it being too
> close..
> 
> I forgot to tell you that using the basic https support everithing works
> fine, but i need to work even with self-signed servers, and this is the
> solution suggested by HttpClient Jakarta site.
> 
> HttpClient client = new HttpClient();
> client.getParams().setParameter(HttpMethodParams.USER_AGENT,
>         " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
> Gecko/20070914 Firefox/2.0.0.7");
> 
> Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
> Protocol.registerProtocol("https", easyhttps);
> 
> GetMethod method = new GetMethod("http://nicola:8080/ssp/");
> method.setDoAuthentication(true); // tryed with and without
> 
=====================================
> HttpState state = new HttpState();
> 
> client.setState(state); 
====================================
Nicola,

You are creating a new instance of HttpState for _each_ request thus
effectively discarding all cookies stored previously. No wonder sessions
do not 'stick'.

Oleg


> // tryed with and without
> int statusCode = client.executeMethod(client.getHostConfiguration(), method,
> null); //tryed with state instead of null
> 
> Thanks!
> nicola
> 
> 
> olegk wrote:
> > 
> > On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
> >> Hi,
> >> i have a problem with https and cookies based sessioning system.
> > 
> > There is no difference between plain http or https as far as the cookie
> > based state management is concerned.  
> > 
> >> I've just added the following line of code to my component exploiting
> >> httpclient
> >> 
> >>     Protocol easyhttps = new Protocol("https",
> >> EasySSLProtocolSocketFactory(), 443);
> >>     Protocol.registerProtocol("https", easyhttps);
> >> 
> >> All the classes used here comes from the httpclient home site.
> >> 
> >> What i need, and it works fine without ssl, is to make several request
> >> with
> >> the same HttpState obejct to let the session go ahead..
> >> 
> >> So, while i try to invoke the executeMethod several times like this:
> >> 
> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> method,
> >> state);
> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> method,
> >> state);
> >> int statusCode = client.executeMethod(client.getHostConfiguration(),
> >> method,
> >> state);
> >> 
> >> the state obect (instance of HttpState class)  always chage, 
> > 
> > Why does it always change?
> > 
> > Oleg
> > 
> >> so i cannot go
> >> ahead in the application session and all the time i'm in the same
> >> situation.
> >> 
> >> Thanks million for your help!
> >> nicola
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> > 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by nzaghini <nz...@gmail.com>.

>There is no difference between plain http or https as far as the cookie
>based state management is concerned. 

I am completely agree with you, but the result of my invocations seems to be
different from the normal/logic/expected behavior..

>Why does it always change?

This is the question, i can't figure out why it change all the time.
To let you better understand the situation i paste here my entire code,
because maybe the problem is so macroscopic that i can't see it being too
close..

I forgot to tell you that using the basic https support everithing works
fine, but i need to work even with self-signed servers, and this is the
solution suggested by HttpClient Jakarta site.

HttpClient client = new HttpClient();
client.getParams().setParameter(HttpMethodParams.USER_AGENT,
        " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.7)
Gecko/20070914 Firefox/2.0.0.7");

Protocol easyhttps = new Protocol("https", new
EasySSLProtocolSocketFactory(), 443);
Protocol.registerProtocol("https", easyhttps);

GetMethod method = new GetMethod("http://nicola:8080/ssp/");
method.setDoAuthentication(true); // tryed with and without

HttpState state = new HttpState();

client.setState(state); // tryed with and without
int statusCode = client.executeMethod(client.getHostConfiguration(), method,
null); //tryed with state instead of null

Thanks!
nicola


olegk wrote:
> 
> On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
>> Hi,
>> i have a problem with https and cookies based sessioning system.
> 
> There is no difference between plain http or https as far as the cookie
> based state management is concerned.  
> 
>> I've just added the following line of code to my component exploiting
>> httpclient
>> 
>>     Protocol easyhttps = new Protocol("https",
>> EasySSLProtocolSocketFactory(), 443);
>>     Protocol.registerProtocol("https", easyhttps);
>> 
>> All the classes used here comes from the httpclient home site.
>> 
>> What i need, and it works fine without ssl, is to make several request
>> with
>> the same HttpState obejct to let the session go ahead..
>> 
>> So, while i try to invoke the executeMethod several times like this:
>> 
>> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> method,
>> state);
>> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> method,
>> state);
>> int statusCode = client.executeMethod(client.getHostConfiguration(),
>> method,
>> state);
>> 
>> the state obect (instance of HttpState class)  always chage, 
> 
> Why does it always change?
> 
> Oleg
> 
>> so i cannot go
>> ahead in the application session and all the time i'm in the same
>> situation.
>> 
>> Thanks million for your help!
>> nicola
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/problem-with-https-and-cookies-based-session-tf4588385.html#a13137646
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: problem with https and cookies based session

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Mon, 2007-10-08 at 07:05 -0700, nzaghini wrote:
> Hi,
> i have a problem with https and cookies based sessioning system.

There is no difference between plain http or https as far as the cookie
based state management is concerned.  

> I've just added the following line of code to my component exploiting
> httpclient
> 
>     Protocol easyhttps = new Protocol("https",
> EasySSLProtocolSocketFactory(), 443);
>     Protocol.registerProtocol("https", easyhttps);
> 
> All the classes used here comes from the httpclient home site.
> 
> What i need, and it works fine without ssl, is to make several request with
> the same HttpState obejct to let the session go ahead..
> 
> So, while i try to invoke the executeMethod several times like this:
> 
> int statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> int statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> int statusCode = client.executeMethod(client.getHostConfiguration(), method,
> state);
> 
> the state obect (instance of HttpState class)  always chage, 

Why does it always change?

Oleg

> so i cannot go
> ahead in the application session and all the time i'm in the same situation.
> 
> Thanks million for your help!
> nicola


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org