On Fri, 2009-01-23 at 08:54 -0800, stoli wrote: > I am in need of some guidance. Not sure what to try next. > > The server I am connecting to (https) is dropping the session after I log > in. After closer examination using the wire logging, it looks like the > server is rejecting the secure session cookie sent back in the header. > > I have tried using CookiePolicy.RFC_2109 and > CookiePolicy.BROWSER_COMPATIBILITY with the same results. Also, I have > registered SSLProtocolSocketFactory to https as suggested by another post, > but that had no effect either. Not sure if my observations are of any > significance or just a red herring, but I can see that 2 secure session > cookies get passed in the initial server response and then one on the > subsequent connection. There is also a non-secure cookie in the mix. > > Cookies: > > JSESSIONID_EipPortal is a regular cookie (as reported by firefox) > JSESSIONID_css_plt is the secure cookie (as reported by firefox) > > > Log from the initial post (secure cookie not set yet): > > [DEBUG] header - >> "Host: www15.thewebsite.com[\r][\n]" > [DEBUG] header - >> "Cookie: $Version=0; > JSESSIONID_EipPortal=0000mLmTcpbsjFKfBC_pcL6gqDY:12lm4ui6e; $Path=/; > $Domain=.thewebsite.com[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]" > [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]" > [DEBUG] header - << "Date: Fri, 23 Jan 2009 16:23:41 GMT[\r][\n]" > [DEBUG] header - << "Server: Apache/2.0.50 (Unix)[\r][\n]" > [DEBUG] header - << "Pragma: No-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Expires: Thu, 01 Jan 1970 00:00:00 GMT[\r][\n]" > [DEBUG] header - << "Set-Cookie: > JSESSIONID_css_plt=0000fC1rGr1GlfxozjOkvsNuePD:12m5redv2; Path=/; > Domain=.thewebsite.com; Secure[\r][\n]" > [DEBUG] header - << "Set-Cookie: > JSESSIONID_css_plt=0000Z1Wyo3vVzZIISgLIa68SUDD:12m5redv2; Path=/; > Domain=.thewebsite.com; Secure[\r][\n]" > [DEBUG] header - << "Transfer-Encoding: chunked[\r][\n]" > [DEBUG] header - << "Content-Type: text/html; charset=ISO-8859-1[\r][\n]" > [DEBUG] header - << "Content-Language: en-US[\r][\n]" > [DEBUG] header - << "[\r][\n]" > [DEBUG] HttpMethodBase - Cookie accepted: "$Version=0; > JSESSIONID_css_plt=0000fC1rGr1GlfxozjOkvsNuePD:12m5redv2; $Path=/; > $Domain=.thewebsite.com" > [DEBUG] HttpMethodBase - Cookie accepted: "$Version=0; > JSESSIONID_css_plt=0000Z1Wyo3vVzZIISgLIa68SUDD:12m5redv2; $Path=/; > $Domain=.thewebsite.com" > [WARN] HttpMethodBase - Going to buffer response body of large or unknown > size. Using getResponseBodyAsStream instead is recommended. > [DEBUG] HttpMethodBase - Buffering response body > [DEBUG] header - << "[\r][\n]" > [DEBUG] HttpMethodBase - Resorting to protocol version default close > connection policy > [DEBUG] HttpMethodBase - Should NOT close connection, using HTTP/1.1 > [DEBUG] HttpConnection - Releasing connection back to connection manager. > > > And then my next post to a different page on the site: > > [DEBUG] header - >> "Host: www15.thewebsite.com[\r][\n]" > [DEBUG] header - >> "Cookie: $Version=0; > JSESSIONID_EipPortal=0000mLmTcpbsjFKfBC_pcL6gqDY:12lm4ui6e; $Path=/; > $Domain=.thewebsite.com[\r][\n]" > [DEBUG] header - >> "Cookie: $Version=0; > JSESSIONID_css_plt=0000Z1Wyo3vVzZIISgLIa68SUDD:12m5redv2; $Path=/; > $Domain=.thewebsite.com[\r][\n]" > [DEBUG] header - >> "Content-Length: 53[\r][\n]" > [DEBUG] header - >> "Content-Type: > application/x-www-form-urlencoded[\r][\n]" > [DEBUG] header - >> "[\r][\n]" > [DEBUG] EntityEnclosingMethod - Request body sent > [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]" > [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]" > [DEBUG] header - << "Date: Fri, 23 Jan 2009 16:23:41 GMT[\r][\n]" > [DEBUG] header - << "Server: Apache/2.0.50 (Unix)[\r][\n]" > [DEBUG] header - << "Pragma: No-cache[\r][\n]" > [DEBUG] header - << "Cache-Control: no-cache[\r][\n]" > [DEBUG] header - << "Expires: Thu, 01 Jan 1970 00:00:00 GMT[\r][\n]" > [DEBUG] header - << "Set-Cookie: > JSESSIONID_css_plt=0000TNVzKbFJjorCKNqwpQ1CHAi:12m5redv2; Path=/; > Domain=.thewebsite.com; Secure[\r][\n]" > [DEBUG] header - << "Transfer-Encoding: chunked[\r][\n]" > [DEBUG] header - << "Content-Type: text/html; charset=ISO-8859-1[\r][\n]" > [DEBUG] header - << "Content-Language: en-US[\r][\n]" > [DEBUG] header - << "[\r][\n]" > [DEBUG] HttpMethodBase - Cookie accepted: "$Version=0; > JSESSIONID_css_plt=0000TNVzKbFJjorCKNqwpQ1CHAi:12m5redv2; $Path=/; > $Domain=.thewebsite.com" > [WARN] HttpMethodBase - Going to buffer response body of large or unknown > size. Using getResponseBodyAsStream instead is recommended. > [DEBUG] HttpMethodBase - Buffering response body > [DEBUG] header - << "[\r][\n]" > [DEBUG] HttpMethodBase - Resorting to protocol version default close > connection policy > [DEBUG] HttpMethodBase - Should NOT close connection, using HTTP/1.1 > [DEBUG] HttpConnection - Releasing connection back to connection manager. > > > So, my assumption is that since the server is resending the > JSESSIONID_css_plt cookie, that it is considering my session to be expired. > > What do I do next? > > Rick
Rick, I suspect RFC2109 compliant cookie format may be a problem. Consider using the so called browser compatibility spec and also set the 'http.protocol.single-cookie-header' parameter to true http://hc.apache.org/httpclient-3.x/cookies.html Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
