Re: HttpClient invalidates session

Thu, 17 Jul 2008 14:53:47 -0700 

On Wed, 2008-07-16 at 16:18 -0700, Leena Borle wrote:
> Hi,
>   I have a struts-2 application running on Tomcat-5 with Single Sign on
> enabled. What I am trying to do is , use HttpClient(struts2 app) to access
> data  other WAR(say WAR2) which also has Form Based login system. To avoid
> sending user's credentials(Which I don't have in my application), I am
> trying to send cookie-JSESSIOIDSSO in the request header.
>   Everything works fine, I get the data back. But after that, my application
> throws error that, session is invalidated.
>   How do I stop HttpClient from invalidating the session ?
> 
> Thanks
> Leena.
> 

Leena,

The HTTP session can only be invalidated by the server. HttpClient
merely uses the session cookie to inform the server that requests are
logically related.

Oleg


> Here is the code in my application ,
> 
> (Struts-2) HttpServletRequest request = ServletActionContext.getRequest();
> 
>         //try out httpclient
> 
>         javax.servlet.http.Cookie[] cookies = request.getCookies();
>         HttpState newState = new HttpState();
>         javax.servlet.http.Cookie ssoID = null;
>         for(int c = 0; c < cookies.length; c ++) {
>             javax.servlet.http.Cookie k = cookies[c];
>             if(k.getName().equalsIgnoreCase("JSESSIONIDSSO"))
>                 ssoID=k;
>         }
> 
> 
>         HttpClient client = new HttpClient();
>         client.setState(newState);
>         GetMethod getMethod  = new GetMethod("
> http://localhost:8080/war2/exceuteServlet";);
> 
> getMethod.getParams().setCookiePolicy(org.apache.commons.httpclient.cookie.CookiePolicy.IGNORE_COOKIES);
> 
>         getMethod.setRequestHeader("Cookie", ssoID.getName() + "=" +
> ssoID.getValue());
>         try {
> 
>             int responseCode =
> client.executeMethod(null,getMethod,newState);
>             String body = getMethod.getResponseBodyAsString();
> 
>             AppLogger.getLogger().debug("Response code = " + responseCode+ "
> \nResponse is " + body);
> 
>           } catch (HttpException e) {
>               // TODO Auto-generated catch block
> 
>           } catch (IOException e) {
>               // TODO Auto-generated catch block
> 
>           } finally {
>               // release any connection resources used by the method
>               getMethod.releaseConnection();
>           }


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to