Meaningless Drivel is fun!
The moose likes JSF and the fly likes saving logged in session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "saving logged in session" Watch "saving logged in session" New topic

saving logged in session

Henry Moore

Joined: Mar 13, 2009
Posts: 1
I am currently using URLConnection to get a file from a website. Here is the function that I am using. THe problem is that I am getting a lot of file and so I call this many times. I'm looking for a way to speed this up and I was wondering if instead of logging in again and again, I could save the session after logging in the first time and continue to use this session.

private InputStream getInputStreamFromUrl(String strUrl) {
InputStream is = null;
try {
URL url = new URL(strUrl);
URLConnection urlC = url.openConnection();
String encoding = new sun.misc.BASE64Encoder().encode("username:password"
urlC.setRequestProperty("Authorization", "Basic " + encoding);

is = urlC.getInputStream();
} catch (Exception e) {
return is;

I've tried the following code to get the cookie information but the header doesn't have any cookies.

Map<String, List<String>> headers = conn.getHeaderFields();
List<String> values = headers.get("Set-Cookie");

String cookieValue = null;
for (Iterator iter = values.iterator(); iter.hasNext(); ) {
String v =;
if (cookieValue == null)
cookieValue = v;
cookieValue = cookieValue + ";" + v;

When I try this in a browser, after I log in once, I can repeatedly ask for files, even if I clear the cookies after logging in. Where is this session information getting stored in the browser and how can I access it in java code? Any help would be greatly appreciated.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

Welcome to the JavaRanch, Henry, but you get better answers to your questions when you ask them in a forum where people specialize in the subject of the question. This is the JSF forum, and I don't see anything JSF-specific in what you're asking.

Sessions in the J(2)EE sense are constructs of the application server. Since HTTP is a stateless protocol, any attempt to maintain state between client/server request/response cycles has to have a little help. In Java's case, the help is a "handle" to information kept on the server (the session).

Preserving the handle on the client won't work. When the session expires or is invalidated, it's destroyed on the server, so what you'd end up with is a handle to nothing. There's no hope for it - you're either going to have to take measures to keep the session alive or simply login again. Which is just as well, since a never-ending login is a potential security problem.

All you need to do to keep the session alive is to make a request before the session times out. You can even do this while another request is processing, since Java appservers run multi-threaded. It doesn't need to be fancy - any request will do, since the purpose is simply to reset the server's session countdown timer.

I mentioned the session handle. This is just a hash string that helps the server match a client with a session. It has to be unique, and it has to be unguessable for security reasons (since otherwise someone else could break in and meddle with the session), but its exact values and constructions are left up to the server. Although it can be passed in a cookie, a technique known as URL Rewriting is also used, since some people turn off cookies, and without some way of transmitting the session ID on every request, a session can't work. If you've ever noticed URLs with ";jsessionid=xxxxxxxxxxx" at the end, that's what it's all about.

An IDE is no substitute for an Intelligent Developer.
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
How is this related to JSF?
I would pick the Servlet forum or the intermediate Java forum.
I agree. Here's the link:
subject: saving logged in session
It's not a secret anymore!