session object return null

Question

0.00/5 (No votes)

See more:

I'm trying to use java (client application) to post an html request , the request perform a simple login task , the login variable is stored in the session , after the login the program is redirected to another page (default2) ,on load the default2 page check the session , but it finds it null! , help :omg: ( the Java isn't a web host , its a j2se program )
the web application is asp

try {
    URL u = new URL("http://localhost:51132/WebSite5/Default.aspx?name=user&pass=password");
    HttpURLConnection uc = (HttpURLConnection) u.openConnection( );
    int code = uc.getResponseCode( );
    String response = uc.getResponseMessage( );
    System.out.println("HTTP/1.x " + code + " " +response);
for (int j = 1; ; j++) {
    String header = uc.getHeaderField(j);
    String key = uc.getHeaderFieldKey(j);
   if (header == null || key == null) break;
    System.out.println(uc.getHeaderFieldKey(j) + ": " +header);
    }
    InputStream in = new
    BufferedInputStream(uc.getInputStream( ));
    Reader r = new InputStreamReader(in);
    int c;
while ((c = r.read( )) != -1) {
    System.out.print((char) c);
   
    }
  
  }
catch (MalformedURLException ex) {
    System.err.println(args[0] + " is not a parseable URL");
}
catch (IOException ex) {
System.err.println(ex);
}

}

the code of default.aspx which is the page i use for login

protected void Page_Load(object sender, EventArgs e)
    {
        string name = Page.Request.QueryString["name"];
        string pass = Page.Request.QueryString["pass"];
        if (name.CompareTo("user") == 0 && pass.CompareTo("password") == 0) {
            Session["loged"]= "yes";
            Response.Redirect("Default2.aspx");
        }
    }

the code of default2.aspx th page where i check the session variable

protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["loged"] == null) {
            Response.Redirect("error.aspx");
        }
    }

Posted 23-Jul-10 7:16am

sector_9

Updated 24-Jul-10 5:33am

v6

Add a Solution

Comments

sector_9 24-Jul-10 13:09pm

I found out that When you create a new session (that is, the first time you write to a Session variable), ASP.NET sets a volatile cookie on the client that contains the session token. On all subsequent requests, and as long as the server session and the client cookie have not expired, ASP.NET can look at this cookie and find the right session.
i still have to find a way around this in the client I'm creating ( java program not web page ) ..help please

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

E.F. Nijboer · Answer 1 · 2010-07-23T09:45:00

Solution 1

First of all, the way you're implementing this now is flawed because you give both login and password in the url, This is absolutely not secure!

What you now are doing is setting up the session beginning somewhere in the middle. Further you have to understand, who is your client at this point? In the code you gave this would always be the server that executes the java code. Maybe this is the idea, but maybe not.

The best way to solve this is to create a simple asp page where you can login and can use to test if the login succeeds this way. You can then go further from there.

Good luck!

Posted 23-Jul-10 9:45am

E.F. Nijboer

Comments

sector_9 23-Jul-10 15:57pm

thank for the reply ... true , i know its extremely not secure , the point here isn't security its that the session terminate at the asp server ,i know i can make a simple asp page , but what i want is to maintain a session between the client (java ) and the server asp .

E.F. Nijboer 24-Jul-10 16:34pm

What I meant by making a simple asp page is to use it to test if this does work. By testing this you can rule out that there is another problem, for example that sessions are disabled on the server.

sector_9 25-Jul-10 12:55pm

i looked the problem and it appears to be that the asp.net server create a volatile validation cookie at the client side on creating the session for the first time , that cookie contain the session id , also any cookie created by the asp has a session id , i used the web.conf file to stop the asp server from using that cookie
<sessionstate
cookieless="true"
="">
that solved the problem and the system works good but when i published the website online i get an error caused by infinite redirection loop , i even tried using a simple page as you said but even that page doesnt open it goes in an infinite loop of redirection

E.F. Nijboer 26-Jul-10 11:46am

When you redirect there is no session available and is therefore sending you back to the login page. How did you configure your development environment? Are you sure you are logging in on your dev environment or is the java program simply entering the default2.aspx after a login that meant nothing really. Can you access the default2.aspx yourself without login using a browser?

sector_9 26-Jul-10 17:09pm

i created another simple java program and 2 simple asp pages to demonstrate my problem aside from the original project I'm doing , i uploaded the java application source code and the asp.net code to sector9.somee.com/v2_1.rar and sector9.somee.com/sector9.somee.com
you can also access the host I'm using its on somee.com username:sector9 password:123456789
that project I uploaded and currently deployed on the host work perfect on my machine in debug mode (ASP.net development server ) but when i deploy it it doesnt work ! it enter a redirect loop, the java program simply request the default.aspx and from it capture the session id then request the default2.aspx (by providing the session id in the url) , this work fine but when deployed it doesnt work at all !

E.F. Nijboer 27-Jul-10 13:11pm

I will dive into it more tomorrow. Do you also have the link to the simple java program? I didn't find it in the package. I also tried the link and firefox reported that the redirection would go into an infinite loop. The cookies aspxauth and ASP.NET_SessionId are still created. I also found another link that might have some information on this. It looks quite interesting and promising.

http://support.microsoft.com/kb/910439

sector_9 27-Jul-10 14:14pm

the java program sourse code is here sector9.somee.com/JavaApplication26.rar (developed on netbeans ).
thnx

E.F. Nijboer 29-Jul-10 9:20am

Well, the plan was to look at it yesterday but got a bit busy so didn't came further than installing 1Gb+ worth of JDK and NetBeans. Today I first had to eliminate the errors I got from IIS because microsoft in their infinite wisdom decided that modules and handlers needed some changing and making IIS version 6 and 7 incompatible to each other, even though VS2008 and their OS of 2008 named Vista R2 aka Windows 7 are of the same year... Well, this needed a compatibility pack of course (http://technet.microsoft.com/en-us/library/bb397374%28EXCHG.80%29.aspx) and after installing some other components the miracle occurred and could the page be accessed using IIS as host.
Well, as you maybe can tell I use windows 7 (ultimate by the way, although I can't find out what is so ultimate about it. I guess it's a riddle of microsoft trying to tell me U=You, lt=lower than, i=I, mate = mate -> "You lower than I mate!")

Except for the fact that it was quite some work getting it started, the java application is now perfectly working using the iis url. The problem I now have is that I can't really help because I can't reproduce it when debugging or using IIS.

Maybe later this day I will have a look on the server link you gave and check the values and compare them to the values I have here in IIS.

Christian Graus · Answer 2 · 2010-07-23T16:39:00

There is no way to maintain session between asp and ASP.NET, I doubt very much that it's possible for the session to exist between a java page and an aspx. How can it ? The session is stored ON THE SERVER, in the web host, and you're using two different web hosts, and two different frameworks. The way people got around this with asp and ASP.NET was to create a windows service which took the session id ( which is the same between the two ) and used that to read and write session values to pass between the two. If java can access a windows session, you will need to do the same. If not, you're screwed.

Of course you CAN pass data on the URL, but as has been noted, this is not something you'd use for anything that needs to be secure. Posting it to the page is also not secure, anything that comes from the client, can be tampered with.