• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Automatic POSTs and forwarding cookies to client

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi - I think this is the correct forum to post this query on, and not the "Sockets and Internet Protocols" one. I did do a quick search, but couldn't find any info on how to achieve this.

We have a service which has a form based login, once you have logged in it sets a cookie and then repeatedly, through out a session, checks to see if the cookie is set. If no cookie is found then it prints the login form. I want to be able to automate the login, so the user does not need to enter any details, and then hand off to the client(browser) to get on with the "session".

I can perform the automated POST successfully (using the org.apache.commons.httpclient package), but I'm having problems with handling the cookies that come back from the website. The cookies need to be set on the clients browser for the service to work. I have tried to grab the cookies that come back to my servlet, something like:



I can get the cookies no worries, printing them out shows they are there. How do I then forward them on to the browser? - obviously they need to be seen as coming from the domain of the external website, not the domain that my servlet runs on. I tried setting the domain with



, but this doesn't work. Is this possible at all or, because of security issues, is it not going to work? Any help/advice would be much appreciated.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Browsers set the domain according to how they got to a particular site (you can't set the domain from the server).
They're designed not to be spoofed in that fashion.
 
Ste Graham
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yeah, I kinda knew/guessed that. Trying to set the domain in that fashion was the act of desperate man!! So, does anyone know if what I am trying to do is possible? I'm sure it is without having to turn my servlet into some sort of re-writing proxy!!

I suppose on option would be be to return to the client some HTML with a form that contains the login details as hidden values. The page could contain some javscript which reacts to the "onLoad" event and autosubmits the form.

hmmhh...?
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic