Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Automatic POSTs and forwarding cookies to client

 
Ste Graham
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi - I think this is the correct forum to post this query on, and not the "Sockets and Internet Protocols" one. I did do a quick search, but couldn't find any info on how to achieve this.

We have a service which has a form based login, once you have logged in it sets a cookie and then repeatedly, through out a session, checks to see if the cookie is set. If no cookie is found then it prints the login form. I want to be able to automate the login, so the user does not need to enter any details, and then hand off to the client(browser) to get on with the "session".

I can perform the automated POST successfully (using the org.apache.commons.httpclient package), but I'm having problems with handling the cookies that come back from the website. The cookies need to be set on the clients browser for the service to work. I have tried to grab the cookies that come back to my servlet, something like:



I can get the cookies no worries, printing them out shows they are there. How do I then forward them on to the browser? - obviously they need to be seen as coming from the domain of the external website, not the domain that my servlet runs on. I tried setting the domain with



, but this doesn't work. Is this possible at all or, because of security issues, is it not going to work? Any help/advice would be much appreciated.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Browsers set the domain according to how they got to a particular site (you can't set the domain from the server).
They're designed not to be spoofed in that fashion.
 
Ste Graham
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yeah, I kinda knew/guessed that. Trying to set the domain in that fashion was the act of desperate man!! So, does anyone know if what I am trying to do is possible? I'm sure it is without having to turn my servlet into some sort of re-writing proxy!!

I suppose on option would be be to return to the client some HTML with a form that contains the login details as hidden values. The page could contain some javscript which reacts to the "onLoad" event and autosubmits the form.

hmmhh...?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic