This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSF and the fly likes saving logged in session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSF
Bookmark "saving logged in session" Watch "saving logged in session" New topic
Author

saving logged in session

Henry Moore
Greenhorn

Joined: Mar 13, 2009
Posts: 1
I am currently using URLConnection to get a file from a website. Here is the function that I am using. THe problem is that I am getting a lot of file and so I call this many times. I'm looking for a way to speed this up and I was wondering if instead of logging in again and again, I could save the session after logging in the first time and continue to use this session.

private InputStream getInputStreamFromUrl(String strUrl) {
InputStream is = null;
try {
URL url = new URL(strUrl);
URLConnection urlC = url.openConnection();
String encoding = new sun.misc.BASE64Encoder().encode("username:password"
.getBytes());
urlC.setRequestProperty("Authorization", "Basic " + encoding);

is = urlC.getInputStream();
} catch (Exception e) {
e.printStackTrace(System.err);
}
return is;
}

I've tried the following code to get the cookie information but the header doesn't have any cookies.

Map<String, List<String>> headers = conn.getHeaderFields();
List<String> values = headers.get("Set-Cookie");

String cookieValue = null;
for (Iterator iter = values.iterator(); iter.hasNext(); ) {
String v = values.next();
if (cookieValue == null)
cookieValue = v;
else
cookieValue = cookieValue + ";" + v;
}

When I try this in a browser, after I log in once, I can repeatedly ask for files, even if I clear the cookies after logging in. Where is this session information getting stored in the browser and how can I access it in java code? Any help would be greatly appreciated.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15960
    
  19

Welcome to the JavaRanch, Henry, but you get better answers to your questions when you ask them in a forum where people specialize in the subject of the question. This is the JSF forum, and I don't see anything JSF-specific in what you're asking.

Sessions in the J(2)EE sense are constructs of the application server. Since HTTP is a stateless protocol, any attempt to maintain state between client/server request/response cycles has to have a little help. In Java's case, the help is a "handle" to information kept on the server (the session).

Preserving the handle on the client won't work. When the session expires or is invalidated, it's destroyed on the server, so what you'd end up with is a handle to nothing. There's no hope for it - you're either going to have to take measures to keep the session alive or simply login again. Which is just as well, since a never-ending login is a potential security problem.

All you need to do to keep the session alive is to make a request before the session times out. You can even do this while another request is processing, since Java appservers run multi-threaded. It doesn't need to be fancy - any request will do, since the purpose is simply to reset the server's session countdown timer.

I mentioned the session handle. This is just a hash string that helps the server match a client with a session. It has to be unique, and it has to be unguessable for security reasons (since otherwise someone else could break in and meddle with the session), but its exact values and constructions are left up to the server. Although it can be passed in a cookie, a technique known as URL Rewriting is also used, since some people turn off cookies, and without some way of transmitting the session ID on every request, a session can't work. If you've ever noticed URLs with ";jsessionid=xxxxxxxxxxx" at the end, that's what it's all about.


Customer surveys are for companies who didn't pay proper attention to begin with.
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
How is this related to JSF?
I would pick the Servlet forum or the intermediate Java forum.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: saving logged in session
 
Similar Threads
Using a method to retrieve a cookie
HttpUrlConnection: Login works only for first page
URLConnection 422 Http Error response
[HELP] How to login to a website and get XML data of that site
Cookies not getting reset in Netscape 4.72!!! URGENT!!!