From: Daniel Pitts on
Lothar Kimmeringer wrote:
> Daniel Pitts wrote:
>
>> Try setting a cookie instead, that is more likely to succeed. Otherwise
>> you'll need to proxy the request, rather than redirect.
>
> I doubt that you can set a cookie for a different domain than
> the one you are serving.
Was that a requirement that I missed? I saw nothing about domains at all
in the OPs post.
--
Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>
From: Lothar Kimmeringer on
Daniel Pitts wrote:

> Lothar Kimmeringer wrote:
>> Daniel Pitts wrote:
>>
>>> Try setting a cookie instead, that is more likely to succeed. Otherwise
>>> you'll need to proxy the request, rather than redirect.
>>
>> I doubt that you can set a cookie for a different domain than
>> the one you are serving.
> Was that a requirement that I missed? I saw nothing about domains at all
> in the OPs post.

If you

| [...] need to send a request to another web server

it's rare that the different webserver resides at the same
domain, but is somewhere else.


Regards, Lothar
--
Lothar Kimmeringer E-Mail: spamfang(a)kimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong
questions!
From: eunever32 on
On Dec 5, 2:30 pm, Lothar Kimmeringer <news200...(a)kimmeringer.de>
wrote:
> Daniel Pitts wrote:
> > Lothar Kimmeringer wrote:
> >> Daniel Pitts wrote:
>
> >>> Try setting a cookie instead, that is more likely to succeed.  Otherwise
> >>> you'll need to proxy the request, rather than redirect.
>
> >> I doubt that you can set a cookie for a different domain than
> >> the one you are serving.
> > Was that a requirement that I missed? I saw nothing about domains at all
> > in the OPs post.
>
> If you
>
> | [...] need to send a request to another web server
>
> it's rare that the different webserver resides at the same
> domain, but is somewhere else.
>
> Regards, Lothar
> --
> Lothar Kimmeringer                E-Mail: spamf...(a)kimmeringer.de
>                PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)
>
> Always remember: The answer is forty-two, there can only be wrong
>                  questions!

Thanks for all the suggestions.
I tried the http://authority(a)server:port/

But this wasn't recognised.
I am not sure about the use of a cookie and anyway would this be a
cookie of the remote server of the local server?

I tried using URLConnection and this worked in our development
environment but not the live environment;(

So I then tried apache-commons HttpClient which worked(!) but the
JSESSIONID was not present in the returned html which meant any
further http requests returned "user/password not found." Could this
be because the server doesn't think the client supports cookies?

Any suggestions on how to proceed?

I would be happy with the HttpClient if it worked but am concerned
that it may not be future-proof (should the server side change in
future).
From: Daniel Pitts on
eunever32(a)yahoo.co.uk wrote:
> So I then tried apache-commons HttpClient which worked(!) but the
> JSESSIONID was not present in the returned html which meant any
> further http requests returned "user/password not found." Could this
> be because the server doesn't think the client supports cookies?
>
> Any suggestions on how to proceed?
>
> I would be happy with the HttpClient if it worked but am concerned
> that it may not be future-proof (should the server side change in
> future).
HttpClient from the apache-commons is a great toolkit.

Usually, JSESSIONID is set as a cookie. You will probably have to
inspect the response from the downstream server, and re-write the
cookies to match your domain. Then, when you make a request, make sure
that you pass the users cookies to the downstream server.

--
Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>
From: eunever32 on
On Dec 7, 8:01 pm, Daniel Pitts
<newsgroup.spamfil...(a)virtualinfinity.net> wrote:
> euneve...(a)yahoo.co.uk wrote:
> > So I then tried apache-commons HttpClient which worked(!) but the
> > JSESSIONID was not present in the returned html which meant any
> > further http requests returned "user/password not found." Could this
> > be because the server doesn't think the client supports cookies?
>
> > Any suggestions on how to proceed?
>
> > I would be happy with the HttpClient if it worked but am concerned
> > that it may not be future-proof (should the server side change in
> > future).
>
> HttpClient from the apache-commons is a great toolkit.
>
> Usually, JSESSIONID is set as a cookie.  You will probably have to
> inspect the response from the downstream server, and re-write the
> cookies to match your domain.  Then, when you make a request, make sure
> that you pass the users cookies to the downstream server.
>
> --
> Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>

Hi

Request 1: PC -> Tomcat -> LoadBalancer ->ServerNode
Request 2, 3, 4, 5 etc: PC->LoadBalancer->ServerNode
The arrangement is the first request to RemoteServer is as follows:
HttpClient originates on the Tomcat; html response is streamed into
response to the browser
!Subsequent requests from PC go directly to RemoteServer! Hence
missing cookie.


I know a little more about the issue and the problem is because we're
hitting a load-balancer first
and then a server-node behind the load-balancer.

If we bypass the load-balancer everything works.

However the requirement is to route through the load balancer.

There is a cookie required for the load-balancer which the browser is
not sending.

The jsessionid is okay because that's on the URL

I guess if I can get the Cookie into the browser that might work.

I have tried setting the Cookie in the response but didn't work.

This is the code:
String[] cookieParams = h.getValue().split(";");
String[] currentParam = cookieParams[0].split("=");
Cookie cookie = new Cookie(currentParam[0], currentParam[1]);
cookie.setDomain("load-balancer-host");
response.addCookie(cookie);

Does the setDomain look correct?

Is there an alternative way to test this? For example if jsessionid
can be passed in the URL,
can the cookie for the load-balancer-node also be set on the URL?
Because I did try this but to no avail.

Thoughts suggestions appreciated.