chulland


How do I access a session variable (created by a java servlet) with perl or CGI?

I have a website with many user utilities all of which are Java servlet based.  My sign on authentication is servlet based.  

However I still have a Perl/CGI based webmail system which I have to re-login into even if already logged in by my main login system.  The login facility of the Email system is simply a random number with a time and IP stored in a file in that users directory whereas the java login is a true session variable as in ASP.

My problem is simple, I need to integrate the CGI mail system by getting it to just read the session variable for that particular user.... for the life of me I can't find out how!

Once I re-write the Email system in Java I won't have this problem but I need this interim solution.
bebonham

check the cookie
asp style sessions is just a cookie

there is no real "session" as http is stateless

ASKER

What cookie !!! I didn't realise creating a session variable made a cookie.  

In a Java servlet all I do to make a new session variable is the following :-

// Check for an active session, else make a new one
session = req.getSession(true);
// Set session variable user.id to username.
session.putValue("user.id",username);

This does not store any information on the client machine.  If it is a cookie then please show me how to do this in PERL.
how can it not store info (at least for the length of the session) on the client machine?

it has to...the data has to be somewhere...there has to be at least a session key on the client, otherwise the server cannot tell them apart.

I oversimplified when I said it's JUST a cookie, it is MAINLY a cookie...

It is a cookie + cookie control...in other words, ... they only last as long as you are on the site...they often incorporate ip address tracking, etc.

your biggest issue is this... you have to make your "session" last outside of jsp...which is going to be a problem....because the default behavior is to end the session (and erase the cookie) when you leave the jsp page.

since I don't know jsp, I can't tell you how to do that.

but, I can tell you that you can write the same info to a cookie explicitly and set no expiry, and then it will last until the browser is closed, and then you can pick up the login from the cookie using perl.


to manipulate cookies in perl, you

use CGI::Cookie;

%allCookies=fetch CGI::Cookie;

then you have a hash, %allCookies, with all the cookies in it, their names are the keys.

hope that clears it up a little.

keep in mind what you have available to you through http...

you have a post and get method, you have cookies and a few environment variables like ip address, referer and such.  Let your solution be based on these inevitables.

Bob
Thanks for your reply.

Ok I just read through an article on Sun's site about session variables on server side servlets.

"The session tracking provided by the servlet API is implemented by session cookies. These cookies are different than the normal cookies (which remain there even if you close the browser window) because they are there in the browser's memory and are not stored on the computer. As you close the instance of the browser the cookie dies."

So the cookie information is memory resident in the browser not stored.  Do you think this method you gave will still recover the information I require?

I'm going to have a play myself and see, I have never seen any other questions regarding accessing Java servlet sessions through CGI so this thread may be useful to others.  

PS I don't use JSP ... its all HTML/FLASH calling servlets direct.

Thanks
After playing with the following code :-

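#!/usr/bin/perl

# A CGI script has to print a header before any body output
print "Content-type: text/plain\n\n";

%cookies = &getCookies;

foreach $name (keys %cookies) {
     print "\n$name = $cookies{$name}";
}

sub getCookies {
     # HTTP_COOKIE is unset when the browser sends no cookies
     my @rawCookies = split (/;\s*/, $ENV{'HTTP_COOKIE'} || '');
     my %cookies;

     foreach (@rawCookies) {
          # A limit of 2 keeps any '=' that appears inside the value
          my ($key, $val) = split (/=/, $_, 2);
          $cookies{$key} = $val;
     }
     return %cookies;
}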
---------------------------------------
This returns all cookies currently in the browser.  I went and logged in on my server through a servlet then called this perl script ... it returned the following:-

JServSessionIdwdacbco2 = bztzhkkd67

OK so I have a cookie !!! But how was I to know its name would be JServSessionIdwdacbco2 ?  My servlet does not need to set a name to activate a session because the Javaserver obviously only looks for this named cookie on the browser.

With this cookie name I should now be able to pull back the user id associated with it.

Comments please?



OK stumped again.

How do I return the variable user.id which is associated with this session id?

JServSessionIdwdacbco2 = bztzhkkd67

yes, now you got it, that is not the data, but a key to the data resting on the server, and controlled by your jsp program.

so, you either need to find out where the session data is kept (and also make sure it doesn't get erased when the user leaves the jsp pages)

or if security is an issue, and you can't read the session data from the server for some reason, you can use some sort of one way encryption to encrypt the user name and password, and then test the encrypted value with your perl script.

since this is just a temporary cookie, strong encryption isn't really necessary, so you could even use your own encryption routine...

anyway, you are on the right track now, see if you can find where the session data gets stored...or if there are ways you can maybe write it to a file in plain text for perl to read...you could write the session key and the uname and pw.

Bob
You keep mentioning JSP's and exiting my JSP pages.
I don't use JSP, only server side servlets.  My main pages are in Flash / HTML, my flash calls the servlets just as it would do a CGI script.

I can go browse the internet elsewhere and come back to my site and I will still be classed as logged on.  The session ends when the browser is closed.

I still do not know how to get the variable user.id which is associated with this session id with Perl.

JServSessionIdwdacbco2 = bztzhkkd67
because it is kept somewhere on the server in a file for that purpose... you either have to find it or explicitly pass it through another cookie, or write it to yet another file that perl can then read.
So let me get this right,

You are telling me that I've found the cookie that is resident on my browser, however, it only contains the session ID NOT all of its associated data.  This is just what I said in the beginning, it's the Webserver that is holding the variables associated with this session ID.  

All I need to do is find out the variable called user.id which is associated with that session ID ....

The question remains HOW in CGI/Perl.
no,

your problem is that you do not understand how to handle the session in java...and I don't think you are understanding what a session really is.

there is no question about how to do it in perl...

I already told you how to get the session key from the cookie using perl...that is all you should need..
from there, you have many options as to how to get the session data using the session key, which I have already described to you...


if you need help with java sessions, try asking in the java ta.


of course, you should know as much that none of the variables you make in java are available to your perl program...

they have to be from COOKIE or from FILE THAT IS IT!!
WHAT !

I FULLY understand session handling in Java.  My whole site works on session handling in Java,  All my session variables are maintained that way.

All I am saying is that I am NOT a CGI/Programming expert and do not fully understand how to cross between the two.
That is why I am asking the question in the CGI programming section.

In a java servlet all I have to do to generate a session is:-

HttpSession session = req.getSession(false);
session = req.getSession(true);  // Get new session
session.putValue("user.id",username); // Set user.id

All I have to do to check if a user's session is valid in a java servlet is:-

session = req.getSession(false);
if (session==null)
{
   // No session ... kick them off.
}
else
{
   // They have a session.
   session.getValue("user.id"); // And here's their ID
}

As you see it's simple in Java and I DO fully understand and use them.  All I need is help to do the same as above but in a CGI file rather than a Java servlet.  We have already established that the Java server stores a memory resident cookie with the session ID on the browser, I just need help with the CGI part of retrieving data attached to it.
no you don't fully understand them if you don't know how they work!!

that is the problem...

if you fully understood them, then you would know where the session data is kept on the disk...

if you don't know where that data is, then you have to make it available manually...


in other words, you open a file output stream and print the variables username, password, and the value of the cookie to the file.

Then, your perlscript reads the cookie, opens the same file, and checks to see if there is a valid login...


if you do not know how to write to a file in java, then you are stuck, and need to ask in java

Bloody thing entered the last one twice... anyway.

In java I have no need to write session variables to file, the java server handles all connections, sessions and session variables.  It is only now I've come into the realms of CGI that it looks like I have to store the information on my webspace just so the CGI script can check against it.  

So is that the only way?
well, no, you can put the whole thing in a cookie like I mentioned earlier...

use some sort of encryption (a basic idea would be to convert each character into its character code ...very basic)

then write the values of username and password to a cookie as well, (FROM Java servlet)

then you can easily read and decrypt them in perl

if you can't do that, then yes, you are stuck having to write to files, which is the easiest, safest method.



but other than that...there is no other way..because that is the only way every one uses.

Good Luck,

Bob
I think I have found an easy and secure solution.

If I store the present session ID in the SQL database with his other information when logging in then I can do a search for a matching ID in the cookie the CGI program gets.

use DBI;

my $dsn = 'DBI:mysql:mydomain:localhost';
my $db_username = 'username';
my $db_password = 'password';
my $dbh = DBI->connect($dsn, $db_username, $db_password);
# Bind the cookie value through a placeholder instead of interpolating it into the SQL
my $statement = "SELECT id FROM login_table WHERE session = ?";
my $sth = $dbh->prepare($statement);
$sth->execute($session);
my ($stored_id) = $sth->fetchrow_array();
$sth->finish();
$dbh->disconnect();

This should return the user.id for that session, if not there is no session active.

Make sense?
 
Alas !!! After much hard graft I now have my CGI based webmail running on the same authentication as my Java servlet code.

I did in the end store the session ID in my SQL database and pulled the browser one back in the CGI webmail.  All I had to do is then do a SQL query for that ID in the database and if it was there then return the user.id back to the webmail.

Thanks for your time Bob, even though we were getting a little heated at one point :)  If you want the code to look at then just say so.

Cheers
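
The lookup described in this post, end to end, as an added example (not chulland's code and not part of the original thread): the CGI side picks the servlet engine's session cookie out of the Cookie header by its "JServSessionId" prefix, checks the token's shape, and resolves it to a user through a bound placeholder. Assumptions: the helper names are hypothetical, the alphanumeric token format is assumed from the one value shown in the thread, and an in-memory SQLite database (DBD::SQLite) with a constructed row stands in for the MySQL login_table.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Hypothetical helper: return the value of the first cookie whose name starts
# with the prefix seen in the thread ("JServSessionId" plus a suffix), or undef.
sub session_id_from_cookies {
    my ($header) = @_;
    for my $pair (split /;\s*/, defined $header ? $header : '') {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $value && $name =~ /^JServSessionId/;
        # Assumed token format: short and alphanumeric. Anything else is
        # rejected before it gets near the database.
        return $value =~ /\A[A-Za-z0-9]{1,64}\z/ ? $value : undef;
    }
    return undef;
}

# Hypothetical helper: resolve a session ID to a user ID; undef = not logged in.
sub user_for_session {
    my ($dbh, $sid) = @_;
    return undef unless defined $sid;
    my ($id) = $dbh->selectrow_array(
        'SELECT id FROM login_table WHERE session = ?', undef, $sid);
    return $id;
}

# Constructed demo data: in-memory SQLite stands in for the MySQL database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE login_table (id TEXT, session TEXT)');
$dbh->do('INSERT INTO login_table (id, session) VALUES (?, ?)',
         undef, 'chulland', 'bztzhkkd67');

# Constructed Cookie headers: valid, unknown ID, malformed value, no cookie.
my @headers = (
    'theme=dark; JServSessionIdwdacbco2=bztzhkkd67',
    'JServSessionIdwdacbco2=zzzz0000',
    q{JServSessionIdwdacbco2=bad'value},
    undef,
);
for my $header (@headers) {
    my $sid  = session_id_from_cookies($header);
    my $user = user_for_session($dbh, $sid);
    printf "%-48s -> %s\n", defined $header ? $header : '(no cookie)',
        defined $user ? "user $user" : 'no session, send to login';
}
$dbh->disconnect;
```

The lookup only matches the servlet's own session check if the stored row is cleared when the servlet session is invalidated or times out; otherwise an old ID keeps resolving to a user.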
thanks,

I am glad you got your answer...

I was simply frustrated, because I knew you wanted more,...but there really isn't more to sessions :)

glad you have it working, that's no small feat...

Regards,

Bob
hey, this q put me up over 100k pts!

thanks man!

:)))))))))))))))))))))))))))))))))))))))))))!!!