strange reading cookie problem

 
Greenhorn
Posts: 12
Hi All

***** changed cookie to kookie to avoid javaranch post problem ********

I am not an expert on Struts. Currently I have been assigned to resolve a problem on Struts pertaining to reading of kookies.

The functionality which we are trying to achieve is similar to the "Remember Me" functionality available in Hotmail & Yahoo web mail sites.

Our login page is something like this. The username is the user's email id. Then there is a password box. Below that we have a check box (saying Remember Me on this computer).
The functionality we desire is that the next time the user visits the site, the user's mail id should automatically be there in the Username box & he need not type it again.

So we have used Struts to implement the same. But we are encountering a very strange problem. The problem is when the user logs in & checks the Remember Me box the whole application goes haywire.
It does not allow me to log off. Even when I close & reopen the browser I'm not able to log in again for the same user. Even if I try to log in with a different user, I automatically get the same earlier username, password & Remember Me check box clicked on the Login page but am not able to log in at all.
The only solution I have is to resort to deleting kookies from the browser.

I will post the code here. Hope someone can help me out on the same.

This is the login page (Index.jsp)
------------------------------------------------------------------
public class Index extends BaseAction{
    private static final Logger log = Logger.getLogger(Index.class);

    /** Creates a new instance of Index */
    public Index() { super();}

    // list of categories, store reference in users session
    // may want to look at cache-refresh scheme later
    private static List categories;

    /** Struts Action */
    public ActionForward doAction(StrutsBundle struts)
    throws Exception{
        try{
            HttpSession httpSession = struts.getRequest().getSession(true);

            // make sure categories are stored in session
            // HibernateUtil lvHibUtil = new HibernateUtil();
            //HashMap lvQueryMap = new HashMap();
            CategoryQuery categoryQuery = new CategoryQuery();
            List categories = categoryQuery.getCategoryList();
            //lvHibUtil.executeMultiRowSelectQuery("GET_ALL_ACTIVE_CATEGORIES","cat", Category.class, lvQueryMap);
            httpSession.setAttribute(Token.Category.activeList, categories);

            // check for that session is new AND we don't have a current user AND no kookie is set
            if(httpSession.isNew() && httpSession.getAttribute(Token.User.current) == null && !struts.iskookieSet(Token.kookies.loginId)){
                log.info("Anonymous login");
                String sessId = "WB" + httpSession.getId();
                BusinessProxy businessProxy = (BusinessProxy) ProxyFactory.createProxy(Module.WEB, Module.BUSINESS);
                businessProxy.setSessionID(sessId);
                LogonRequest logonReq = new LogonRequest();
                logonReq.setAnonymous("true");
                ResponseMessage responsemessage = businessProxy.logon(logonReq);
                httpSession.setAttribute("anonymous", "true");
                //log.info("Anon login");
                return struts.forwardSuccess();
            }

            // if we have logon kookies then prepopulate login form
            if(struts.iskookieSet(Token.kookies.loginId)){
                log.info("Retreiving logininfo from kookies");
                String loginId = struts.readkookie(Token.kookies.loginId);
                if(loginId != null){
                    loginId = Base64Decoder.decode(loginId);
                }
                String password = struts.readkookie(Token.kookies.password);
                if(password != null){
                    password = Base64Decoder.decode(password);
                }
                LoginForm loginForm = new LoginForm();
                loginForm.setLoginId(loginId);
                loginForm.setPassword(password);
                loginForm.setRememberMe("on");
                struts.saveInRequest("loginForm", loginForm);
            }

        } catch(ProxyInvocationException exProxy){
            return struts.addErrorAndForward("datalayer.failed");
        } catch(BaseException exBase){
            return struts.addErrorAndForward("system.error");
        }
        return struts.forwardSuccess();
    }
}
------------------------------------------------------------------

This is the code snippet for the Struts Bundle class where all kookie handling is done

------------------------------------------------------------------
    public void saveInRequest(String key, Object o){
        this.request.setAttribute(key, o);
    }

    public void saveInSession(String key, Object o){
        this.request.getSession().setAttribute(key, o);
    }

    public void removeFromSession(String key){
        this.request.getSession().removeAttribute(key);
    }

    public Object getFromSession(String key){
        return this.request.getSession().getAttribute(key);
    }

    public String getSessionId(){
        return this.request.getSession().getId();
    }

    public boolean iskookieSet(String name){
        return kookieUtils.iskookieSet(name, this.request);
    }

    public String readkookie(String name){
        return kookieUtils.getKookieValue(name, this.request);
    }

    public void setRememberMe(String loginId, String password){
        this.savekookies(this.response, loginId, password);
    }

    public void clearRememberMe(){
        this.removekookies(this.response);
    }

    private void savekookies(HttpServletResponse response, String username, String password) {
        kookie usernamekookie = new kookie(Token.kookies.loginId, Base64Encoder.encode(username));
        usernamekookie.setMaxAge(60 * 60 * 24 * 30); // 30 day expiration
        response.addkookie(usernamekookie);
        kookie passwordkookie = new kookie(Token.kookies.password, Base64Encoder.encode(password));
        passwordkookie.setMaxAge(60 * 60 * 24 * 30); // 30 day expiration
        response.addkookie(passwordkookie);
    }

    private void removekookies(HttpServletResponse response) {
        // expire the username kookie by setting maxAge to zero
        // (actual kookie value is irrelevant)
        kookie unamekookie = new kookie(Token.kookies.loginId, "expired");
        unamekookie.setMaxAge(0);
        response.addkookie(unamekookie);

        // expire the password kookie by setting maxAge to zero
        // (actual kookie value is irrelevant)
        kookie pwdkookie = new kookie(Token.kookies.password, "expired");
        pwdkookie.setMaxAge(0);
        response.addkookie(pwdkookie);
    }

}
------------------------------------------------------------------
kookieUtils.java (this is helper kookie class)

------------------------------------------------------------------
public class kookieUtils {

    /**
     * Returns the value of the kookie with the specified name,
     * or null if not found.
     */
    public static String getKookieValue(String name, HttpServletRequest req) {
        kookie[] kookies = req.getKookies();
        if (kookies == null) {
            return null;
        }

        String value = null;
        for (int i = 0; i < kookies.length; i++) {
            if (kookies[i].getName().equals(name)) {
                value = kookies[i].getValue();
                break;
            }
        }
        return value;
    }

    /**
     * Creates a kookie with the specified name, value and max age,
     * and adds it to the response.
     */
    public static void sendkookie(String name, String value, int maxAge,
            HttpServletResponse res) {
        kookie kookie = new kookie(name, value);
        kookie.setMaxAge(maxAge);
        res.addkookie(kookie);
    }

    /**
     * Returns true if a kookie with the specified name is
     * present in the request.
     */
    public static boolean iskookieSet(String name, HttpServletRequest req) {
        return getKookieValue(name, req) != null;
    }
}

------------------------------------------------------------------

Logout.java (this is the logout class)

------------------------------------------------------------------
public class Logout extends BaseAction{

    public ActionForward doAction(StrutsBundle struts)
    throws Exception{

        // login to business layer
        String sessId = "WB" + struts.getSessionId();
        BusinessProxy businessProxy = (BusinessProxy) ProxyFactory.createProxy(Module.WEB, Module.BUSINESS);
        businessProxy.setSessionID(sessId);
        LogoffRequest logoffreq = new LogoffRequest();

        ResponseMessage responsemessage = businessProxy.logoff(logoffreq);

        if (responsemessage instanceof ErrorResponse)
            return struts.addErrorAndForward("login.invalid");

        struts.saveInSession(Token.User.current, null);
        struts.getRequest().getSession(false).invalidate();

        if(struts.getRequest().getParameter("gohome")!=null){
            return struts.forward("home");
        }else{
            return struts.forwardSuccess();
        }
    }

}

------------------------------------------------------------------

Do let me know if you require more info

Regards
Hari
 
Ranch Hand
Posts: 354
It looks like you also set a cookie for the password and use that to log in when the 2 exist.

Look at the line below and the lines following that.
String password = struts.readkookie(Token.kookies.password);

You shouldn't be storing passwords in a cookie anyway. That's a huge security flaw. Use it, set a flag in the session to indicate that the user logged in, destroy it. If you need to store it, store it in the session.
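
Added example (not part of the original posts and not code from this project): Base64 is an encoding, not encryption, so the password cookie above is readable by anyone who can read the cookie. Since the stated goal is only to prefill the username, the sketch below keeps the password out of the cookie entirely and signs the login id with a server-side key so an edited value is rejected. The class name `RememberMeToken`, the token layout, the demo key and the sample addresses are all assumptions made up for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper: a remember-me cookie value that carries only the
// login id and an expiry time, authenticated with HMAC-SHA256. No password.
public class RememberMeToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final byte[] key; // server-side secret, never sent to the browser

    public RememberMeToken(byte[] key) { this.key = key.clone(); }

    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Layout: base64url(loginId) "." expiryEpochSeconds "." base64url(HMAC of the first two parts). */
    public String issue(String loginId, long expiresAt) throws Exception {
        String body = ENC.encodeToString(loginId.getBytes(StandardCharsets.UTF_8)) + "." + expiresAt;
        return body + "." + ENC.encodeToString(mac(body));
    }

    /** Returns the login id to prefill, or null if the value is malformed, altered or expired. */
    public String verify(String cookieValue, long now) throws Exception {
        if (cookieValue == null) return null;
        String[] p = cookieValue.split("\\.");
        if (p.length != 3) return null;
        try {
            // Check the signature first, with a constant-time comparison.
            if (!MessageDigest.isEqual(mac(p[0] + "." + p[1]), DEC.decode(p[2]))) return null;
            if (Long.parseLong(p[1]) < now) return null;
            return new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return null; } // bad Base64 or bad number
    }

    public static void main(String[] args) throws Exception {
        RememberMeToken t = new RememberMeToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1_700_000_000L; // constructed timestamp
        String v = t.issue("user@example.com", now + 60L * 60 * 24 * 30); // 30 days, as in the thread
        // Same expiry and signature, different login id: must be rejected.
        String forged = ENC.encodeToString("other@example.com".getBytes(StandardCharsets.UTF_8)) + v.substring(v.indexOf('.'));
        System.out.println("valid:   " + t.verify(v, now));
        System.out.println("forged:  " + t.verify(forged, now));
        System.out.println("expired: " + t.verify(v, now + 60L * 60 * 24 * 31));
    }
}
```

The verified value only prefills the login box; the user still types the password, and the logged-in state lives in the session as the reply suggests. When writing the cookie, `setSecure(true)` and, on Servlet 3.0 or later, `setHttpOnly(true)` keep it off plain HTTP and away from page scripts.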
 
Ranch Hand
Posts: 312
Hey Alan

I am a colleague of Hari. Yes, I agree with you totally.
We have removed that piece of code but the problem which we mentioned in this thread still persists.

Can someone give us a hint as to where we need to look?

Appreciate your help

Bye
Manish
 