Maybe this is a simple question or maybe a tough one I don't really know...
I have a session opened in a web that requires a login. What I want to get is the content of the session cookie that has been generated and that my browser (Firefox in this particular case) has stored.
Is there any way to do this with an java application?
You should be able to do this using CookieManager and CookieStore.
Just look for the "Set-Cookie" headers coming through over the wire. It's unclear what Java framework you're using, but you should be able to see this in the request response.
Related
I am having a little problem here. We are a group of 3 guys developing a web application.. When I'm doing post to one servlet handling the login, and afterwards do a post to another servlet where I'm trying to use the attribute we've stored in the session in the Login, it's like it is using another session. I don't think there is a problem in the code, since the other guys can do this without any problems..
I'm using fiddler2 as my restclient, where the others are using Cocoa as their clients. When I'm inspecting the headers the two different posts is having two different session id's.
I've been trying to figure this out most of the day, but haven't found out of anything yet. I will be thankfull for any advise.
Fiddler's Composer does not attempt to maintain any sort of cookie jar for you. If you want to send a cookie on a request using the Composer, you must add it yourself. You will find the value in the Set-Cookie response header on a previous response.
Let's say I've created a mobile application named 'Foo'(iOS). This app talks to a Java-running backend at 'java.com' and works perfectly. Now, I'm trying to create the website 'Foo.com' to let users enjoy the 'same' service on a browser/computer. So far, I've found that almost all calls needed to the API from the website can be done in JavaScript directly to the backend at 'java.com', including a login-function.
On the backend, I've implemented the standard 'doPost'-method to handle the login, and I create a Cookie to attach to the request.
The problem, I think, is that the users get the JavaScript from 'Foo.com', and the JavaScript tries to log in by using an AJAX-call to 'java.com', thus the cookie will be 'stamped' by www.java.com', not by 'www.foo.com', and the user will never receive the cookie. (At least, I don't receive a cookie now)
I've been trying to find a way to accept cookies from 'api.com' into the application, but it doesn't look good. Honestly, I'm not even sure this is the actual problem causing me to not receive a cookie, but I've read several places that cross-domain-cookies aren't allowed. So I ask the general question, how should I proceed?
I've been toying with the idea to add a .php-page to the server-side of the website 'foo.com', and from there handle the requests from client to API, hopefully causing the cookies to be 'stamped' as 'foo.com' instead of 'java.com'. (In that case, I'd also wonder if the .php can forward the information in the cookie or something similar).
But I really want to avoid as much traffic on the webhost as possible. An all-script-website would be optimal, but I don't really see how cookies can work with that.
Is there anything else I can do to handle this? If I simply want a persistent login-function from a client of 'foo.com' handled at 'java.com', are there any options, with or without the use of cookies?
I'd like to embed an ajax application into a wordpress site. The ajax application will communicate with servlets running on tomcat. Now the servlets need a way to verify if a request originates from a user that is logged in to wordpress. How does this commonly get solved?
AFAIK, wordpress is stateless and does not use sessions, which makes me curious how a logged in user in wordpress can be tracked.
The second problem is, how can a servlet request wordpress to verify if a given user is still logged in?
Any advice is welcome,
Thank you.
The only thing that you can do is read the cookies. And that will work only if you are using the same domain (or subdomain and the cookies are valid for all subdomains). The session cookie might not give you sufficient information, however. You can't read a PHP session from a Java app, and generally, you can't mix two applications that way.
As a little workaround, you can check with javascript who is the currently logged user (by finding the username in the DOM), and send that with ajax, but that is not secure at all.
Two part question:
I have setup my website to use Facebook Connect for logging in. In the restricted area, I check if there is a cookie set with the name, "fbs_" under my domain name. However, I do not understand how this cookie gets set under my domain name. Does anyone know what happens with FB.Init call in this regard? (I have not used cross domain HTML file in my implementation).
Secondly, I am interested in implementing an Android setup that uses this web setup for data. Because these cookies look to be setup by the Javascript, I am not able to access these login cookies (fbs_ under mydomain.com) when I try with Cookie Manager. Is there a way I can implement this? Does WebKit help me in this regard?
Thank you for your time and responses.
The cookie is set under your domain as the JavaScript is executed there, and the FB code wants you to have access to the cookie data so you can use it to call the Graph API (or whatever you need to do with it). You should certainly be seeing this cookie set if logging in with Connect - how are you trying to access it? Is the Cookie Manager you mentioned a browser plugin?
I have a java applet that needs to do http requests to the server. A quick experiment showed that the session id cookies from the browser is not sent along, so i'll have to set it manually.
Currently, I see 2 possible solutions:
somehow get hold of the cookie data from within the applet
pass the cookie information into the applet's contructor via javascript
I'd prefer the first solution, but i wasn't able to find a working solution for that. all information i found (mostly netscape.javascript.JSObject) were outdated (my 1.5 VM does not have this class)
Any great ideas or resources i have not yet found?
Are you sure your JVM doesn't contain this class? You should look in $JAVA_HOME/lib/plugin.jar. I found it in my 1.5.0_14 installation.
If you are generating the page dynamically, you don't necessarily need to use JavaScript to communicate the session ID. As long as you know it server-side, you can place it into an applet parameter tag in the generated HTML which contains the <applet> tag.
Nowadays all browsers are supporting httponly cookies.If cookies are consciously set in server as 'httponly' in appropriate response headers,applets may not be able to access it.