Re: [jersey-dev] question about jax-rs client and session cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jersey-dev] question about jax-rs client and session cookies

From: Guy Mac <guymac@xxxxxxxxx>
Date: Mon, 11 May 2020 10:59:29 -0700
Delivered-to: jersey-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jersey-dev>
List-help: <mailto:jersey-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jersey-dev>, <mailto:jersey-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jersey-dev>, <mailto:jersey-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

I'm still struggling to understand this, to make a simple HTTP connection and obtain the session cookie.
I know it isn't "RESTful" to use a session, but it seems like JAX-RS provides a very nice high level API and I would like to make sure of it.

1) Things work perfectly on a production server using https

2) I've tried making changes to my web-app for testing, to wit:

<cookie-config>
        <http-only>false</http-only>
        <secure>false</secure>
        <max-age>86400000</max-age>
</cookie-config>

So now there's no reason, to my knowledge, why a client should reject the session cookie.

I check with wget and see that this appears to be working:

# HTTP cookie file.
# Generated by Wget on 2020-05-11 10:47:45.
# Edit at your own risk.

localhost:8080  FALSE   /app FALSE   1675619264      JSESSIONID      EC1C9B979B6A43DA8730F20610A4E018

3) But, still, connecting with JAX-RS client, I do not get the session cookie.

Here's the code:

        Form form = new Form();
        form.param(PARAM_USERNAME, username);
        form.param(PARAM_PASSWORD, password);

        Invocation.Builder invocationBuilder = loginAction.request();
        Response response = invocationBuilder.post(Entity.form(form));

        session = response.getCookies().get(SERVICE_SESSION_COOKIE_NAME);

        response.getHeaders().forEach((k,v) -> System.err.format("%s = %s%n", k, v));

        if (session == null) throw new IOException("Did not received expected session cookie");

And the logging response:

INFO: 1 * Sending client request on thread main
1 > POST http://localhost:8080/app/login
1 > Content-Type: application/x-www-form-urlencoded

May 11, 2020 10:48:06 AM org.glassfish.jersey.logging.LoggingInterceptor log
INFO: 1 * Client response received on thread main
1 < 200
1 < Content-Type: text/html;charset=UTF-8
1 < Date: Mon, 11 May 2020 17:48:06 GMT
1 < Transfer-Encoding: chunked

Transfer-Encoding = [chunked]
Date = [Mon, 11 May 2020 17:48:06 GMT]
Content-Type = [text/html;charset=UTF-8]
Exception in thread "main" java.io.IOException: Did not received expected session cookie

Can anyone tell me what I am doing wrong or if the JAX-RS client filters out certain types of cookies/headers and if so, why?

On 5/7/2020 5:56 PM, Brock Mills wrote:

This might be more of a SO question, but your Cookie has the secure
attribute set. Refer to this:
https://en.wikipedia.org/wiki/Secure_cookie

On Fri, 8 May 2020 at 09:22, Guy Mac <guymac@xxxxxxxxx> wrote:

Hello, I am having trouble determining why I can't get a session cookie from my test server.

I am performing the request like this:

        Invocation.Builder invocationBuilder = loginAction.request();
        Response response = invocationBuilder.post(Entity.form(form));

        //System.err.println(response.readEntity(String.class));
        session = response.getCookies().get(SERVICE_SESSION_COOKIE_NAME);

This works as expected on a production (https) machine.

On my test (localhost, non-https), however, there is no cookie. But I can check with wget or a browser and see that a cookie is being sent to clients:

wget --keep-session-cookies --save-cookies /tmp/cookies.txt -S http://localhost:8080/hiwish/ --2020-05-07 16:12:43-- http://localhost:8080/app/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 200 Set-Cookie: JSESSIONID=837D220DC49BD43242A3C13B0662FFD6; Path=/app; Secure; HttpOnly Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Date: Thu, 07 May 2020 23:12:43 GMT Length: unspecified [text/html] Saving to: ‘index.html’ index.html [ <=> ] 19.12K --.-KB/s in 0s 2020-05-07 16:12:43 (46.9 MB/s) - ‘index.html’ saved [19574] guymac@kal-el:~/winhome$ cat /tmp/cookies.txt # HTTP cookie file. # Generated by Wget on 2020-05-07 16:12:43. # Edit at your own risk. localhost:8080 FALSE /app TRUE 0 JSESSIONID 837D220DC49BD43242A3C13B0662FFD6
_______________________________________________
jersey-dev mailing list
jersey-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jersey-dev

_______________________________________________
jersey-dev mailing list
jersey-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jersey-dev

References:
- [jersey-dev] question about jax-rs client and session cookies
  - From: Guy Mac
- Re: [jersey-dev] question about jax-rs client and session cookies
  - From: Brock Mills

Prev by Date: Re: [jersey-dev] question about jax-rs client and session cookies
Next by Date: [jersey-dev] p2 for jersey
Previous by thread: Re: [jersey-dev] question about jax-rs client and session cookies
Next by thread: [jersey-dev] p2 for jersey
Index(es):
- Date
- Thread

Breadcrumbs