Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

saving logged in session  RSS feed

Henry Moore
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am currently using URLConnection to get a file from a website. Here is the function that I am using. THe problem is that I am getting a lot of file and so I call this many times. I'm looking for a way to speed this up and I was wondering if instead of logging in again and again, I could save the session after logging in the first time and continue to use this session.

private InputStream getInputStreamFromUrl(String strUrl) {
InputStream is = null;
try {
URL url = new URL(strUrl);
URLConnection urlC = url.openConnection();
String encoding = new sun.misc.BASE64Encoder().encode("username:password"
urlC.setRequestProperty("Authorization", "Basic " + encoding);

is = urlC.getInputStream();
} catch (Exception e) {
return is;

I've tried the following code to get the cookie information but the header doesn't have any cookies.

Map<String, List<String>> headers = conn.getHeaderFields();
List<String> values = headers.get("Set-Cookie");

String cookieValue = null;
for (Iterator iter = values.iterator(); iter.hasNext(); ) {
String v =;
if (cookieValue == null)
cookieValue = v;
cookieValue = cookieValue + ";" + v;

When I try this in a browser, after I log in once, I can repeatedly ask for files, even if I clear the cookies after logging in. Where is this session information getting stored in the browser and how can I access it in java code? Any help would be greatly appreciated.
Tim Holloway
Posts: 18662
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Henry, but you get better answers to your questions when you ask them in a forum where people specialize in the subject of the question. This is the JSF forum, and I don't see anything JSF-specific in what you're asking.

Sessions in the J(2)EE sense are constructs of the application server. Since HTTP is a stateless protocol, any attempt to maintain state between client/server request/response cycles has to have a little help. In Java's case, the help is a "handle" to information kept on the server (the session).

Preserving the handle on the client won't work. When the session expires or is invalidated, it's destroyed on the server, so what you'd end up with is a handle to nothing. There's no hope for it - you're either going to have to take measures to keep the session alive or simply login again. Which is just as well, since a never-ending login is a potential security problem.

All you need to do to keep the session alive is to make a request before the session times out. You can even do this while another request is processing, since Java appservers run multi-threaded. It doesn't need to be fancy - any request will do, since the purpose is simply to reset the server's session countdown timer.

I mentioned the session handle. This is just a hash string that helps the server match a client with a session. It has to be unique, and it has to be unguessable for security reasons (since otherwise someone else could break in and meddle with the session), but its exact values and constructions are left up to the server. Although it can be passed in a cookie, a technique known as URL Rewriting is also used, since some people turn off cookies, and without some way of transmitting the session ID on every request, a session can't work. If you've ever noticed URLs with ";jsessionid=xxxxxxxxxxx" at the end, that's what it's all about.
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How is this related to JSF?
I would pick the Servlet forum or the intermediate Java forum.
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!