Win a copy of Penetration Testing Basics this week in the Security forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Servlet not sending jsessionid to an applet after first response

Jack Thiyla
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am using Httpsession object for session tracking between applet and servlets. For a first applet request, the servlet creates a Httpsession object and is able to send the JSESSIONID to the applet. I extract the "Set-Cookie" header from the URLConnection and save it to a temporary variable(say var1). on the next request I sent the JSESSIONID( cookie) using the setHeader("Cookie",var1) which the servlet is able to receive and get the existing Httpsession object. Now it is this time the servlet is not being able to send the JSESSIONID to applet.I did check the headers at the applet end but it is not present. If anyone could explain why that is the case?

Below is my code:

Applet code:
URL targetServlet = new URL(location + webappdir + "/" + servletname);
servletConnection = targetServlet.openConnection();
servletConnection.setUseCaches (false);

if(var1!=null) // Supposing var1 is the value extracted from the servletConnection.getHeader("Set-Cookie");
servletConnection.setRequestProperty("Cookie", var1);
outputToServlet = new ObjectOutputStream(servletConnection.getOutputStream());
}catch (IOException e){ }

servlet code for the second response:

HttpSession session = res.getSession(false);
res.setHeader("Cache-Control","no-cache"); //HTTP 1.1
res.setHeader("Pragma","no-cache"); //HTTP 1.0
res.setDateHeader ("Expires", 0); //prevents caching at the proxy server

outStream = res.getOutputStream();
outos = new ObjectOutputStream(outStream );
outos.writeObject(any serializable object)

  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic