[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: HTTPAPI to SSL Website

To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: HTTPAPI to SSL Website
From: "Juracich, Jon" <Jon.Juracich@xxxxxxxxxxx>
Date: Thu, 26 Jun 2008 13:41:06 -0400
Accept-language: en-US
Acceptlanguage: en-US
In-reply-to: <4863CF56.9060200@xxxxxxxxxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
References: <AF4D9F5259C864428FA90466954230F40B82A5DE55@xxxxxxxxxxxxxxxxxxxxxxxx>, <AF4D9F5259C864428FA90466954230F40B82A5DE56@xxxxxxxxxxxxxxxxxxxxxxxx> <AF4D9F5259C864428FA90466954230F40B82A5DE58@xxxxxxxxxxxxxxxxxxxxxxxx>, <4862CC13.4080806@xxxxxxxxxxxxxxxx> <AF4D9F5259C864428FA90466954230F40B82A5DE5B@xxxxxxxxxxxxxxxxxxxxxxxx>, <4863CF56.9060200@xxxxxxxxxxxxxxxx>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
Thread-index: AcjXsNPVZWqt8FptSOKPCr5p3LUoegAAdZd0
Thread-topic: HTTPAPI to SSL Website

Scott:

OK - those explanations of the cookies and persistent connections make
perfect sense (as most things do when you understand them!).

By a "cheat sheet" I meant something that might say, for example,
to do an HTTPS transaction, you do:

https_init();
http_get;
http_post;
http_close;

Don't get me wrong - your example programs are extremely good
and I wouldn't have ANY clue if not for them. But if there were a
"simple" diagram or "script" that showed the steps necessary to handle
a "multi-step" transaction. Does that make sense? Sort of a "lather,
rinse, repeat" kind of thing...

I'll keep poking at it and see if I can make it work by blind luck(!).

Thanks for your help on this - I really appreciate it. If you need additional
info or whatever, just let me know.

Thanks again.

Jon Juracich
________________________________________
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement [sk@xxxxxxxxxxxxxxxx]
Sent: Thursday, June 26, 2008 1:18 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: HTTPAPI to SSL Website

Hi Jon,

> The site does appear to be using cookies - it appears to (try) store
> a "JSESSIONID" cookie in a directory called /CFLC. I don't see this
> in /tmp, nor do I see it anywhere on my local PC when I connect to
> the site via Firefox. I'm also explicitly turning cookies *ON, BTW.

The "path" presented in the cookie is not related to a directory in your
IFS.  Instead, it's related to the URL that you send/receive from their
web server.

In other words, your jsessionid cookie should ONLY be sent to their web
server if the URL starts with "http[s]://servername/cflc".  If that
/cflc isn't there after the server name, the cookie should not be sent
to them.

> Can you point me in the direction of a "cheat-sheet" that would
> describe the pieces needed (and the order that they need to be used)
> for HTTPAPI? That would REALLY be handy.

I'm not really sure what you're asking for.


> I have absolutely no idea if I'm connecting to the same server or not
> on alternate requests - is there a way to determine this?

I'd suggest eliminating the calls to the persist functions.  Just call
http_url_get() and http_url_post() (or their "raw" variants).  Then it
doesn't matter.

All the persist functions do is provide a means of maintaining the
connection between calls to improve performance.  In other words, if I
want to do the following requests:

       http://www.scottklement.com/test.php?id=1001
       http://www.scottklement.com/test.php?id=1002
       http://www.scottklement.com/test.php?id=1003

All of the requests are to the same server (www.scottklement.com) so
it's silly to connect, send the first request, disconnect, then connect
again, send request2, disconnect, etc.  Sure, connecting/disconnecting
with each request will still work, but the connection process takes
time, so it'll hurt performance.

If, instead, I connect, send request1, send request2, send request3,
disconnect it'd be much faster.  That's what the "persist" routines do,
they let you connect to the server once, issue several requests, and
then disconnect.

The burning issue, however, is that all requests have to go to the same
server.  If the requests are for multiple servers, the
disconnect/reconnect is manditory since you need to talk to a completely
different machine.


> I've included a "cut down" version of the debug file here, removing
> certificate information, most of the HTML, etc.

That's fine.

What I notice in your debug file is that the cookie name is uppercase
when it's sent to you, and lowercase when it's sent back to the server.
  I wonder if that matters?  I'll have to do some research...
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: HTTPAPI to SSL Website
  - From: Scott Klement

References:
- HTTPAPI to SSL Website
  - From: Juracich, Jon
- Re: HTTPAPI to SSL Website
  - From: Scott Klement
- RE: HTTPAPI to SSL Website
  - From: Juracich, Jon
- Re: HTTPAPI to SSL Website
  - From: Scott Klement

Prev by Date: Re: HTTPAPI to SSL Website
Next by Date: Re: HTTPAPI to SSL Website
Previous by thread: Re: HTTPAPI to SSL Website
Next by thread: Re: HTTPAPI to SSL Website
Index(es):
- Date
- Thread