0

I'm consuming some web services done in java using a Rest architecture, my client it's a mobile application that uses HttpConnection to retrieve the data. In order to control authentication and authorization I'm using cookies, managed by a @SessionScoped class, however I don't know how to make the session persist through requests. The problem basically is that I inject the Session manager in other services that are @RequestScoped, however since the session is not persisted I always retrieve differente instances for the @SessionScoped class, thus deleting all the cookies or records I had before. Looking at the request headers I noticed the cookie JSESSIONID, I think this is sent by tomcat in order to persist session, so tried already to send the same cookie in the next request, however I got no results.

Cœur
  • 37,241
  • 25
  • 195
  • 267
Pablo
  • 3,433
  • 7
  • 44
  • 62
  • When you say "HttpConnection", do you actually mean `HttpURLConnection`? If so, head on to this: http://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests – BalusC Feb 03 '12 at 16:28
  • No... unfortunately I'm using JavaME, that's why it is HttpConnection – Pablo Feb 03 '12 at 16:54
  • In my headers I'm receinving something like this Header: 1, Set-Cookie : JSESSIONID=C2j31psXI5bEhlXwXdormU3L; Path=/simple-login; Secure – Pablo Feb 03 '12 at 16:58
  • You need to send it back as header with name of `Cookie` and value of `JSESSIONID=C2j31psXI5bEhlXwXdormU3L`. – BalusC Feb 03 '12 at 17:00
  • Found the problem.. since it is JavaME httpConnection the headers are set in the following way: connection.setRequestProperty("Cookie","sessionId="+ApplicationPreferences.getInstance().getSessionCookieHeader()); connection.setRequestProperty("Cookie","JSESSIONID="+ApplicationPreferences.getInstance().getJavaSessionCookieHeader()); However it's overwriting the Cookie attribute, how can I add many request properties with the same name?? – Pablo Feb 03 '12 at 17:07
  • Isn't there an `addRequestProperty()` method? – BalusC Feb 03 '12 at 17:15
  • The solution was to concatenate the cookie values and just set one requestProperty with the name Cookie String myCookies="sessionId="+ApplicationPreferences.getInstance().getSessionCookieHeader()+"JSESSIONID="+ApplicationPreferences.getInstance().getJavaSessionCookieHeader(); connection.setRequestProperty("Cookie",myCookies); – Pablo Feb 03 '12 at 17:15

1 Answers1

0

The comments were right... to persist a session you just have to send the JSESSIONID cookie back to server in the next request, the problem in this case was that HttpConnection in JavaME only has the setRequestProperty method to include a header value, now if you set the same value two times it overwrites the last one. Since I was using a custom cookie and the JSessionID cookie, I setted them in the following way:

connection.setRequestProperty("Cookie","sessionId="+ApplicationPreferences.getIn‌​stance().getSessionCookieHeader()); 
connection.setRequestProperty("Cookie","JSESSIONID="+ApplicationPreferences‌​.getInstance().getJavaSessionCookieHeader());

When the correct way to do it is concatenate the cookie strings and then setting a Cookie header with them all:

String myCookies="sessionId="+ApplicationPreferences.getInstance().getSessionCookieHead‌​er()+";"+"JSESSIONID="+ApplicationPreferences.getInstance().getJavaSessionCookieHeade‌​r();
Pablo
  • 3,433
  • 7
  • 44
  • 62