permaculture playing cards
The moose likes Servlets and the fly likes Automatic POSTs and forwarding cookies to client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Automatic POSTs and forwarding cookies to client" Watch "Automatic POSTs and forwarding cookies to client" New topic

Automatic POSTs and forwarding cookies to client

Ste Graham

Joined: Sep 15, 2003
Posts: 23
Hi - I think this is the correct forum to post this query on, and not the "Sockets and Internet Protocols" one. I did do a quick search, but couldn't find any info on how to achieve this.

We have a service which has a form based login, once you have logged in it sets a cookie and then repeatedly, through out a session, checks to see if the cookie is set. If no cookie is found then it prints the login form. I want to be able to automate the login, so the user does not need to enter any details, and then hand off to the client(browser) to get on with the "session".

I can perform the automated POST successfully (using the org.apache.commons.httpclient package), but I'm having problems with handling the cookies that come back from the website. The cookies need to be set on the clients browser for the service to work. I have tried to grab the cookies that come back to my servlet, something like:

I can get the cookies no worries, printing them out shows they are there. How do I then forward them on to the browser? - obviously they need to be seen as coming from the domain of the external website, not the domain that my servlet runs on. I tried setting the domain with

, but this doesn't work. Is this possible at all or, because of security issues, is it not going to work? Any help/advice would be much appreciated.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

Browsers set the domain according to how they got to a particular site (you can't set the domain from the server).
They're designed not to be spoofed in that fashion.

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ste Graham

Joined: Sep 15, 2003
Posts: 23
Yeah, I kinda knew/guessed that. Trying to set the domain in that fashion was the act of desperate man!! So, does anyone know if what I am trying to do is possible? I'm sure it is without having to turn my servlet into some sort of re-writing proxy!!

I suppose on option would be be to return to the client some HTML with a form that contains the login details as hidden values. The page could contain some javscript which reacts to the "onLoad" event and autosubmits the form.

I agree. Here's the link:
subject: Automatic POSTs and forwarding cookies to client
It's not a secret anymore!