CODEWITHSUNDEEP
javacookieshttpurlconnectionhttp-redirecthttpsurlconnection
Always Learning
Always Learning

Reputation: 5581

Why are my Java HttpsURLConnection calls not working and cookies being lost?

I had a frustrating situation where some java code I'd written to automate some actions on a web site stopped working after the site switched to https. I could no longer login properly. Instead I'd end up getting a 200 result with the login failing.

I could not figure out why it was seemingly ignoring the login data I sent, and not giving me back the cookies to identify myself on subsequent calls.

I'm answering my own question here because I finally figured out what was going on and hope it might help others (and my future self).

Upvotes: 0

Views: 667

Answers (1)

Always Learning
Always Learning

Reputation: 5581

The primary reason for my trouble was that the site returned a 302 result with appropriate cookies, but I never got a chance to interpret it.

The default behaviour of the HttpURLConnection is to follow the redirects for me. This would have been dandy if it also preserved the cookies as they came back from the first request, but it did not. This caused the server to receive the redirect to the proper site, but lose its cookies showing my login was good.

To fix this just needed this call early in my program:

HttpURLConnection.setFollowRedirects(false);

That let the 302 get seen by my code which could then gather the cookie values and resubmit a request to the new Location. I don't know if it's a bug that the redirect following ignored the Set-Cookie header values, but whether it should have or not, it certainly confused me for a while.

Another issue was that the site I used sometimes sent a Location value that was relative rather than absolute, so I had to handle that with code like this:

if (!location.startsWith("http")) {
    String newLocation = url.getProtocol() + "://" + url.getHost();
    if (url.getPort() > 0) {
        newLocation += ":" + url.getPort();
    }
    if (location.startsWith("/")) {
        newLocation += location; 
    }
    else {
        if (!location.startsWith("/")) {
            location = "/" + location;
        }
        newLocation += url.getPath() + location;
    }
    location = newLocation;
}
url = new URL(location);

This would get done in a loop that keeps trying new url values while 302's keep coming back.

Upvotes: 3

Related Questions