CODEWITHSUNDEEP
javahttpclient
shrayansh
shrayansh

Reputation: 15

getting wrong jsession id

public static ApiFactory getInstance(String url, String userName, String password) {

            String sessionId = null;
            client = new DefaultHttpClient();
            ConstantUtil.setHostUrl(url);
            ConstantUtil.setUserName(userName);
            ConstantUtil.setPassword(password);

            try {
                    request = new HttpGet(ConstantUtil.getLoginUrl());
                    response = client.execute(request);
                    final Header[] headers = response.getHeaders("Set-Cookie");
                    for (int i = 0; i < headers.length; i++) {
                            if (headers[i].toString().indexOf("JSESSIONID") > 0) {
                                    int start = headers[i].toString().indexOf("JSESSIONID");
                                    int end = headers[i].toString().indexOf(";");
                                    sessionId = headers[i].toString().substring(start, end);
                            }
                    }

                    ConstantUtil.setLoginJsessionId(sessionId);



            } catch (ClientProtocolException e) {
                    e.printStackTrace();
            } catch (IOException e) {
                    e.printStackTrace();
            } finally {
                    request.abort();
            }

not able to get the authentication myloginUrl is... String loginurl = ConstantUtil.getHostUrl() + "/j_spring_security_check?j_user="+ getUserName() + "&j_passw=" + getPassword(); actually i need jsessionId which i need for the later purpose when i will post the json data.

Upvotes: 0

Views: 748

Answers (2)

fsaftoiu
fsaftoiu

Reputation: 375

As Antoniossss said, this it would be better to use the standard cookie handling methods. That being said, your way should probably get you the cookies, since after all they are being send in the form of a header.

However, I do see a potential problem with your code. You test if the index of JSESSIONID is greater than 0. But if JSESSIONID is at the very begining of the header string, than it's index would be 0 and you would miss that. You should instead test if the index of JSESSIONID is greater than -1.

Upvotes: 0

Antoniossss
Antoniossss

Reputation: 32535

I think you should get JSESSIONID from cookies, insteed of getting it from headers in "magical" way. To do that DefaultHttpClient has something like getCookieStore() and the CookieStore has getCookies() method. Try to use them.

EDIT: Ad comment

You are wrong, and your loging in mechanism is not working properly. If you paste JSESSIONID that represents session of already logged user, server probably ignores login request and returns authenticated content. This is called session hijacking. So you need to double check login mechanism.

Upvotes: 0

Related Questions