I have and android app which talks with the sevlets. The login is sessioned, I am able to generate sessionid and sessionname and pass it down to the app. I am setting the sessionid and sessionname in the login page, like this
session.setAttribute("sessionid",session.getId());
session.setAttribute("sessionname","name");
I am receiving those things from the app. But in the servlet when I do
String id = session.getAttribute("sessionid");
It returns null.
How is this caused and how can I solve it?
Update:
For subsequent request I am sending the sessionid and sessionname as a header in httppost.
Like this.
sessionname has the sessionname value received from the server.
and sessionid has the sessionid value received from the server.
httppost.setHeader("Session",sessionname+"="+sessionid);
and in the server side i am getting those things like this
String session = request.getHeader("Session");
String sessionname = session.substring(0,session.indexOf("="));
String sessionid = session.substring(session.indexOf("="));
So now i have got both sessionname and sessionid in those variables, i check them against the session object like this
if(session.getAttribute("sessionname").equals(sessionname) && session.getAttribute("sessionid").equals(sessionid))
this is where i get null. Not for the variables i have taken but for the session object method,
getAttribute("sessionname") and getAttribute("sessionid")
returns null
String cookie = CookieManager.getInstance().getCookie("http://mydomainname.com");
Get cookie of this connection, and in your connection add this cookie, this will provide it with the session of your connection.
Try to send the session id in the url like ....;jsessionid=xxx
Related
I have a Xamarin Forms app where I share cookies between the Webview and HttpClient by grabbing them after a login. On iOS this works fine, on Android I have the following issue:
If the cookie is created as the result of a HTTPClinet Api call, then deleted (expired) using either a WebView or HttpClient the cookie is no longer in the cookie list. When using HttpClient the HttpClientHandler.CookieContainer has a count of 0.
If the cookie is created using a WebView and deleted using another WebView the cookie is no longer in the cookie list.
If the cookie is created using a WebView and deleted using a HTTPClient Api call the expiration does not happen and the cookie is still in the HttpClinet's HttpClinetHandler's CookieContainer, I can see that the count is not 0.
If I look at the HttpResponse I see the expired cookie in the header:
"MyTestCookie=; expires=Wed, 28-Feb-2018 21:25:08 GMT; path=/; HttpOnly"
If I look further into the CookieContainer the m_domainTable has 2 entries, one for my ip with no cookies, and one for my ip preceded with a "." that contains the cookie that should be expired/deleted but it is not expired and has the original value.
The server code that creates the cookie for both the Api call and MVC Page is:
var cookie = new HttpCookie("MyTestCookie");
cookie.HttpOnly = true;
cookie.Values["token"] = "309d530f956ac04";
cookie.Expires = DateTime.Now.AddDays(1);
Response.Cookies.Add(cookie);
and the code that Deletes / Expires it is:
if (Request.Cookies["MyTestCookie"] != null)
{
var cookie = new HttpCookie("MyTestCookie");
cookie.HttpOnly = true;
cookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(cookie);
}
Is this a bug, or am I missing something?
The post Play Games Permissions are changing in 2016 explains how to get the Play Games player ID on a server. I can successfully get the access token on the server, but I can't get this step to work:
Once you have the access token, call www.googleapis.com/games/v1/applications/yourAppId/verify/ using that
access token. Pass the auth token in a header as follows:
“Authorization: OAuth ” The response value will contain
the player ID for the user.
I'm trying to do that in Google App Engine using:
accessToken = ...; //-- I can always get this successfully
URL url = new URL(String.format("https://www.googleapis.com/games/v1/applications/%s/verify/",myAppId));
HTTPRequest request = new HTTPRequest(url, HTTPMethod.GET);
HTTPHeader httpHeader = new HTTPHeader("Authorization: OAuth",accessToken);
request.addHeader(httpHeader);
HTTPResponse httpResponse = urlFetchService.fetch(request);
The response always return code 401. How can I debug?
An identical issue (sort of) indicates that you'll have to set the header differently (not using HttpHeader).
httppost.setHeader("Authorization", "Bearer "+accessToken);
Hopefully this can fix your issue.
The problem was with the header, it should be added like this:
HTTPHeader httpHeader = new HTTPHeader("Authorization","OAuth " + accessToken);
I'm trying to do a test request to a server to determine whether if my session id is still valid or not:
Connection.Response testRequest = Jsoup.connect(URL)
.method(Method.GET)
.cookie(SESSION_KEY, sessionId)
.execute();
If it's still valid, I will access the page that I'm after. However, if the sessionId isn't valid, I will get redirected to a sign in page instead.
My problem is that if I check the testRequest.statusCode(), it'll say 200 a.k.a. "OK", regardless if it was a valid session id or not.
In case I use an invalid session, I get redirected (status code 302) to the login page. But jsoup only seems to capture the page/status after I'm redirected.
Is there any way to get the "first" status code? Or should I use HttpClient for this instead of jsoup?
Here is my solution in case someone's interested:
Connection.Response testRequest = Jsoup.connect(URL)
.method(Method.GET)
.followRedirects(false) // <-- did the trick
.cookie(SESSION_KEY, sessionId)
.execute();
I have an android client that receives JSON data from an app engine servlet. I am also able to get the Authentication cookie. Now, I want to get the User from the request to the servlet.
Servlet Code:
`User user = (User) req.getAttribute("user");
String cookie = (String) req.getHeader("Cookie");
if(user == null){
UserService userService = UserServiceFactory.getUserService();
user = userService.getCurrentUser();
}`
Android Post:
HttpGet get = new HttpGet(Setup.PROD_URL+"/viewselectedclass");
SharedPreferences prefs = Util.getSharedPreferences(getBaseContext());
String cookie = prefs.getString(Util.AUTH_COOKIE, null);
get.setHeader("Cookie", cookie);
client = new DefaultHttpClient();
HttpResponse r = client.execute(get);
I'm setting the auth cookie in the header of the HttpGet request. I believe this cookie must be used to identify the user on the server. But in the servlet, it says the users object is null.
How do I send a request from Android to App engine to get the current user. I must be missing something here.
Okay, I solved this by creating my own datastore entity called MyUser, sent the ID generated by the datastore during registration to the android client and used this ID to identify the user in all further requests. I'm not using the UserService from GAE at all.
im calling a web service with ksoap,and i want to maintain the session within the web service, im trying to set the session cookie, but from the service response i dont get the session cookie with the session ID, im doing this:
URLConnection connection = new URL(url).openConnection();
String cookies = connection.getHeaderFields().toString();
and in the output there is no Cookie header, there are only these headers:
cache-contro=[private], content-type=[.....], server=[Microsoft-IIS/7.5],
x-aspnet-version=[.....], x-powered-by=[ASP.NET], date=[......],
content-length=[.....] }
I tested the service from a web browser and the session works, but doesnt return session cookie from an android app. Do u know wht is the problem??
Before my service method i have declared:
[ScriptMethod]
[WebMethod(EnableSession = true)]
Im using ksoap 2.6.1 library