Losing sessions between two servlets localhost - java

I am having a little problem here. We are a group of 3 guys developing a web application. When I do a POST to one servlet handling the login, and afterwards do a POST to another servlet where I'm trying to use the attribute we've stored in the session in the login, it's like it is using another session. I don't think there is a problem in the code, since the other guys can do this without any problems.
I'm using Fiddler2 as my REST client, whereas the others are using Cocoa as their clients. When I inspect the headers, the two different posts have two different session IDs.
I've been trying to figure this out most of the day, but haven't found anything yet. I will be thankful for any advice.

Fiddler's Composer does not attempt to maintain any sort of cookie jar for you. If you want to send a cookie on a request using the Composer, you must add it yourself. You will find the value in the Set-Cookie response header on a previous response.

Related

How can I know the content of a cookie with Java?

Maybe this is a simple question or maybe a tough one I don't really know...
I have a session opened in a web that requires a login. What I want to get is the content of the session cookie that has been generated and that my browser (Firefox in this particular case) has stored.
Is there any way to do this with a Java application?
You should be able to do this using CookieManager and CookieStore.
Just look for the "Set-Cookie" headers coming through over the wire. It's unclear what Java framework you're using, but you should be able to see this in the request response.
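
What a cookie jar does with the Set-Cookie header, and what Fiddler's Composer leaves to you, shown with the java.net.CookieManager named in the answer above. This is an added example, not code from any of the posts; the host app.example.test, the paths and the JSESSIONID value are constructed.

```java
import java.io.IOException;
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.util.List;
import java.util.Map;

// Added example: host, paths and cookie value are constructed, not from the posts.
public class SessionJarDemo {

    // Feed a response's headers to the jar, as an HTTP client does after each response.
    static void remember(CookieManager jar, String url, String setCookie) throws IOException {
        jar.put(URI.create(url), Map.of("Set-Cookie", List.of(setCookie)));
    }

    // Ask the jar which Cookie header values belong on a request to this URL.
    static List<String> cookiesFor(CookieManager jar, String url) throws IOException {
        return jar.get(URI.create(url), Map.of()).getOrDefault("Cookie", List.of());
    }

    public static void main(String[] args) throws IOException {
        CookieManager jar = new CookieManager();   // default policy: original server only

        // Constructed login response from the first servlet.
        remember(jar, "http://app.example.test:8080/shop/login",
                 "JSESSIONID=0123456789ABCDEF; Path=/shop; HttpOnly");

        // Inspect what was stored: name, value and the attributes that scope the cookie.
        for (HttpCookie c : jar.getCookieStore().getCookies()) {
            System.out.printf("%s=%s domain=%s path=%s httpOnly=%b secure=%b%n",
                    c.getName(), c.getValue(), c.getDomain(), c.getPath(),
                    c.isHttpOnly(), c.getSecure());
        }

        // Second servlet under the same path: the jar supplies the session cookie.
        System.out.println(cookiesFor(jar, "http://app.example.test:8080/shop/cart"));

        // Outside the cookie's Path, or on another host, the jar sends nothing.
        // A client with no jar sends nothing anywhere, so the server starts a
        // new session on every request.
        System.out.println(cookiesFor(jar, "http://app.example.test:8080/admin"));
        System.out.println(cookiesFor(jar, "http://other.example.test:8080/shop/cart"));
    }
}
```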

Where is the user info stored in http authentication method?

It may be different for different HTTP authentication methods. But I just want to know where it is stored (a blog post would be helpful). In a Java servlet, I can get the user info from request.getRemoteUser(); is the user info then stored in an HTTP header or a cookie? And how does the client specify that? E.g. in Java I can construct a URI with user info, but where is it stored? Any related blog post would be helpful.
If I understand your question well enough, you're trying to figure out how the client-side information related to the user is stored... well, it depends on the client implementation you are using, I guess.
For instance, Angular can use different kinds of user information storage methods like CacheFactory or the LocalStorage API, as mentioned in this other post.

Managing Cookies from external backend-service

Let's say I've created a mobile application named 'Foo'(iOS). This app talks to a Java-running backend at 'java.com' and works perfectly. Now, I'm trying to create the website 'Foo.com' to let users enjoy the 'same' service on a browser/computer. So far, I've found that almost all calls needed to the API from the website can be done in JavaScript directly to the backend at 'java.com', including a login-function.
On the backend, I've implemented the standard 'doPost'-method to handle the login, and I create a Cookie to attach to the request.
The problem, I think, is that the users get the JavaScript from 'Foo.com', and the JavaScript tries to log in by using an AJAX call to 'java.com', thus the cookie will be 'stamped' by 'www.java.com', not by 'www.foo.com', and the user will never receive the cookie. (At least, I don't receive a cookie now.)
I've been trying to find a way to accept cookies from 'api.com' into the application, but it doesn't look good. Honestly, I'm not even sure this is the actual problem causing me to not receive a cookie, but I've read several places that cross-domain-cookies aren't allowed. So I ask the general question, how should I proceed?
I've been toying with the idea to add a .php-page to the server-side of the website 'foo.com', and from there handle the requests from client to API, hopefully causing the cookies to be 'stamped' as 'foo.com' instead of 'java.com'. (In that case, I'd also wonder if the .php can forward the information in the cookie or something similar).
But I really want to avoid as much traffic on the webhost as possible. An all-script-website would be optimal, but I don't really see how cookies can work with that.
Is there anything else I can do to handle this? If I simply want a persistent login-function from a client of 'foo.com' handled at 'java.com', are there any options, with or without the use of cookies?

SWF Flash Uploader invalidates JSESSIONID. Any idea to restore Session from server side or client side?

I am using SWF Uploader to upload files. I am using Java on the server side.
Flash is invalidating the Java session automatically. The SWF team hasn't found any fix so far.
After some searches, I have found this link, which discusses an idea to handle this problem in ASP.
In basic PHP we pass the session id as a POST parameter and manually restore the session.
In ASP.Net we also post the session id and use a Global.asax to catch the values
before the session is restored and dynamically add the right cookies.
Like that, do we have any option to restore the session in Java?
I also went through this Stack Overflow post, but I am not able to understand what they are saying exactly. Maybe it's because I am not sound enough in Java sessions.
Especially this line: upload_url: "Controller?action=33&JSESSIONID=<%=request.getSession().getId()%>". What is he achieving with that line? What are Controller and action=33?
Any suggestions for restoring the session from the client side or server side would be much appreciated!!
Thanks!
If I read the linked SO question correctly, the problem is not invalidation of the session id, but the way the server treats the flash object: It is considered an additional client, not as part of the rest of the browser window. Therefore, 2 separate sessions are created, causing the id to be different or null upon upload.
The solution is to manually look up the correct session id, or force the server to assign the correct id to a new session. This is done by forwarding the jsessionid to Flash as a variable, and later adding it as a GET parameter to the HTTP upload request, so it can be retrieved on the server and you can use it to look up the correct session.
In the example, the author uses Controller as the name of the servlet, and action=33 is probably used to invoke some method on it. This is specific to this particular application, but not important for your solution.
What matters to you is the end of the string: &jsessionid=<%=request.getSession().getId()%>
This JSP code essentially adds the java session id to a variable containing the upload request URL. You can do this in plain Java or any other language that has access to the correct session id - what matters is that it is transmitted to the Flash plugin first, then added to the upload request, then sent back to the server again, and then used to find or create the correct session id to process the upload with.
This is the code the author used to create a new session cookie:
// Copy the session id received as a request parameter into a JSESSIONID cookie on the response.
if (request.getParameter("JSESSIONID") != null) {
    Cookie userCookie = new Cookie("JSESSIONID", request.getParameter("JSESSIONID"));
    response.addCookie(userCookie);
}
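
An alternative to putting the session id itself in upload_url, as an added example that is not the linked author's code or part of SWFUpload. A session id in a GET parameter ends up in logs and browser history, and a cookie built from a request parameter lets the caller pick the session id. The class UploadTokens, the uploadToken parameter and the sample user are hypothetical.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added example: hypothetical helper, not from the linked post or SWFUpload.
public class UploadTokens {
    private record Grant(String userId, Instant expires) {}

    private final Map<String, Grant> grants = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl;

    public UploadTokens(Duration ttl) { this.ttl = ttl; }

    // Called while rendering the logged-in page: this token, not JSESSIONID,
    // is what gets handed to Flash and appended to upload_url.
    public String issue(String userId) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        grants.put(token, new Grant(userId, Instant.now().plus(ttl)));
        return token;
    }

    // Called by the upload servlet: a token works once and only until it expires.
    public Optional<String> redeem(String token) {
        if (token == null) return Optional.empty();
        Grant g = grants.remove(token);                  // removed even if expired
        if (g == null || Instant.now().isAfter(g.expires())) return Optional.empty();
        return Optional.of(g.userId());
    }

    public static void main(String[] args) {
        UploadTokens tokens = new UploadTokens(Duration.ofMinutes(5));
        String token = tokens.issue("constructed-user");  // constructed sample value
        System.out.println("upload_url: Controller?action=33&uploadToken=" + token);
        System.out.println("first use:     " + tokens.redeem(token));
        System.out.println("replayed:      " + tokens.redeem(token));
        System.out.println("unknown token: " + tokens.redeem("not-a-real-token"));
    }
}
```

The upload servlet redeems the token and attributes the file to the returned user; the browser's real session cookie never appears in a URL.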

How to post arguments to resolve security image problem

I am writing Java code where I need to get some information from a particular website. I am writing Java code that uses a scraping method, but while scraping data from the website I am facing one problem.
When I go through the links from one page to another, sometimes it shows a security image page. I get the security string by using an API, but when I'm trying to post it using PostMethod in Java, I am not able to get the actual page source; it redirects to the same security image page. How can I solve this problem? How can I post arguments to resolve the security image problem?
Thanks!
From the security image implementor's point of view, this is usually implemented by saving your session id with the security string, so when you post your security string attempt, the server can compare your answer to the one in the session object on the server. The session is usually managed by your web browser, by cookies most often.
So my question to you is - do you maintain some session with this particular website, or is every web request detached from the previous ones?
