> It should be a POST request to /[webapp]/j_security_check, > and include the JSESSIONID cookie set by the server when the > login page was returned.
Thanks, this seems to be the issue. There is a call to org.apache.catalina.connector.Request.setRequestedSessionId(String id) from parseSessionCookiesId? How does the client get the JSESSIONID? When the server generates the login page does it have to call response.addCookie? From where should the servlet get the session id? How does the client read the cookie? Thanks. --- On Sun, 12/14/08, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote: > From: Caldarale, Charles R <chuck.caldar...@unisys.com> > Subject: RE: Server returned HTTP response code: 408 for URL: > https...j_security_check > To: "Tomcat Users List" <users@tomcat.apache.org> > Date: Sunday, December 14, 2008, 9:02 PM > > From: removeps-gro...@yahoo.com > [mailto:removeps-gro...@yahoo.com] > > Subject: RE: Server returned HTTP response code: 408 > for URL: > > https...j_security_check > > > > The request input stream is set to > > > "j_username=username&j_password=password". > > Good so far. > > > But to what URL should the above response be posted? > > It should be a POST request to /[webapp]/j_security_check, > and include the JSESSIONID cookie set by the server when the > login page was returned. > > > <form action="j_security_check" > ...>...</form>. > > Again, note that the method should be POST (which your code > does seem to be doing). > > > A browser does not know about Tomcat protocols, so it > > would I imagine send the request to j_security_check. > > Correct, but that's accepted by Tomcat only when a > login form has just been returned to the client. > There's no indication in your code that the > j_security_check is being sent as a response to a login > form, nor is the required JSESSIONID cookie being returned. > > > So any ideas on how to make https requests through > code? > > This isn't tied to HTTPS, just form login. The SSL > negotiation is completely separate. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR > OTHERWISE PROPRIETARY MATERIAL and is thus for use only by > the intended recipient. If you received this in error, > please contact the sender and delete the e-mail and its > attachments from all computers. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: > users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
