cookieshttpcontextapache-httpclient-4.xjsessionidcookiestore

Why is httpclient is refreshing the jsession id for every request?


I am trying to hit a url(login screen), get the jsessionid(J2EEJSESSIONID) and add it in the cookie store and in turn in to the context and hit the same url with credentials. I am expecting a login successful screen. However i am bounced with the login screen again. And, i printed the response header for both the hits. I am expecting both the response with the same J2EESESSIONID to maintain the session. Instead both the session ids are different. Pls help.

Pls find the code below:

    HttpEntity entity = null;
    DefaultHttpClient httpClient = new DefaultHttpClient();
    try{

        // Initialization
        HttpPost httpPost = new HttpPost("https://yyyyy.xxx.com/enl");
        HttpClientExample httpClientExample = new HttpClientExample();
        CookieStore cookieStore = new BasicCookieStore();
        HttpContext httpContext = new BasicHttpContext();
        httpContext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
        HttpGet httpGet = new HttpGet("https://yyyyy.xxx.com/enl");

        // Execute Get
        HttpResponse httpResponse = httpClient.execute(httpGet, httpContext);

        // Print the header for 1st url
        org.apache.http.Header[] headers = httpResponse.getAllHeaders();
        System.out.println("##### Header length::"+headers.length);
        for(int i=0;i<headers.length; i++)
        {
            System.out.println("Header Name::"+headers[i].getName());
            System.out.println("Header Val::"+headers[i].getValue());
        }  

        // update Cookie for the next hit
        org.apache.http.Header[] cookieHeaders = httpResponse.getHeaders("Set-Cookie");
        String html = EntityUtils.toString(httpResponse.getEntity());
        cookieStore = httpClientExample.updateCookieStore(cookieHeaders, cookieStore);
        httpClient.setCookieStore(cookieStore);
        httpContext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);

        // Setting the redirects since i received 302 error
        httpClient.setRedirectStrategy(new DefaultRedirectStrategy() {                
            public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context)  {
                boolean isRedirect=false;
                try {
                    isRedirect = super.isRedirected(request, response, context);
                } catch (ProtocolException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
                if (!isRedirect) {
                    int responseCode = response.getStatusLine().getStatusCode();
                    if (responseCode == 301 || responseCode == 302) {
                        return true;
                    }
                }
                return false;
            }
        });

        // Added because i received Circular redirect error
        httpClient.getParams().setParameter(ClientPNames.ALLOW_CIRCULAR_REDIRECTS, true); 

        // Execute Post with credentials
         httpClient.getCredentialsProvider().setCredentials(
                 new AuthScope("http://yyyyy.xxx.com", 443),
                 new UsernamePasswordCredentials("usr", "pswd"));
         httpPost.setHeader("Cookie", "JSESSIONID="+ getSessionId(cookieHeaders));
         HttpResponse response = httpClient.execute(httpPost, httpContext);


       // Print the response
        entity = response.getEntity();
        InputStream content1 = (InputStream)entity.getContent();
        System.out.println("############### 2nd #####################"+response.getStatusLine().getStatusCode());
        BufferedReader in1   = 
            new BufferedReader (new InputStreamReader (content1));
        String line1;
        while ((line1 = in1.readLine()) != null) {
            System.out.println(line1);
        }

        // Print the header for 2nd url
        org.apache.http.Header[] headers1 = response.getAllHeaders();
        System.out.println("##### Header length 2 ::"+headers1.length);
        for(int i=0;i<headers1.length; i++)
        {
            System.out.println("Header Name 2 ::"+headers1[i].getName());
            System.out.println("Header Val 2 ::"+headers1[i].getValue());
        }  



    }
    catch(Exception e)
    {
        e.printStackTrace();
    }
    finally{

        try {
            EntityUtils.consume(entity);
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        httpClient.getConnectionManager().shutdown();
    }
}

private static String getSessionId(org.apache.http.Header[] headers) {
    // TODO Auto-generated method stub

    for(int i=0;i<headers.length; i++)
    {
        String str = headers[i].getValue();
        String[] strArray = str.split("=");
        String[] cookieValueArray = strArray[1].split(";");
        System.out.println(strArray[0]+"|"+cookieValueArray[0]);
        if(strArray[0].startsWith("J2EEJSESSION"))
        {
            System.out.println("cookieValueArray[0]:"+cookieValueArray[0]);
            return cookieValueArray[0];
        }

    }
    return null;
}

protected CookieStore updateCookieStore(org.apache.http.Header[] headers, CookieStore cookieStore)
{
    for(int i=0;i<headers.length; i++)
    {
        String str = headers[i].getValue();
        String[] strArray = str.split("=");
        String[] cookieValueArray = strArray[1].split(";");
        System.out.println(strArray[0]+"|"+cookieValueArray[0]);
        BasicClientCookie cookie = new BasicClientCookie(strArray[0], "A"+cookieValueArray[0]);
        /*if(strArray[0].startsWith("J2EEJSESSION"))
        {
            cookie.setDomain("yyyyy.xxx.com");
        }
        else
        {
            cookie.setDomain(".xxx.com");
        }*/

        cookie.setDomain(".xxx.com");
        cookie.setPath("/");
        cookieStore.addCookie(cookie);
        if(strArray[0].startsWith("J2EEJSESSION"))
        {
            BasicClientCookie cookie1 = new BasicClientCookie("JSESSIONID", "A"+cookieValueArray[0]);
            cookie1.setDomain(".xxx.com");
            cookie1.setPath("/");
            cookieStore.addCookie(cookie1);
        }
    }
    return cookieStore;
}

Another observation: When i remove the "A" concat from the below snippet, i am not getting the J2EESESSIONID in the 2nd hit:

BasicClientCookie cookie = new BasicClientCookie(strArray[0], "A"+cookieValueArray[0]);


Solution

  • Found the answer on the same day I posted this question.. thought of sharing.. The answer is very simple.. For some reasons the authentication wasn't successful, hence the new jsessionId was created. Replaced "httpClient.getCredentialsProvider().setCredentials()" with "BasicNameValuePair" and it worked :)