In my Flex application I need to authenticate to a j_security_check form (which seems like a popular means of authentication), supplying j_username and j_password fields as parameters in an HTTP POST request. I intend to do so with a simple HTTPService (the other option known to me being URLLoader, but it provides the same result). Having sent a POST request, I wait for a response containing jsessionid as a SetCookie. However, I get an html page, that should appear only after I receive the jsessionid.
Here is what that actually looks like in terms of HTTP packets:
- My POST request to
[baseurl]/j_security_checkcontainingj_usernameandj_password - An HTTP Status 302 response containing the
jsessionidas aSetCookie - A GET request (I am not sending it!) from my application to
[baseurl]/login.jspcontaining only ajsessionidthat was received with the previous packet. - An HTTP Status 200 response containing an html page that should be viewed in a web browser upon a successful login.
I need the value of jsessionid to use with a different, SOAP-based webservice as means of authentication. But I can't seem to obtain it - Flex HTTPService silently catches the 302 response and sends the next GET; afterwards the cookie is nowhere to be found.
..however, the cookie is definitely cached somewhere in Flex, because it is supplied to all further requests to this server from any HTTPService instance!
I wonder if it is going to work with the webservice. Hence my question: how can I obtain the value of this cookie in Flex?
Apparently, after receiving a
setCookieHTML header, Flex supplies it to any consequent HTTP requests - be it anHTTPServiceor a SOAPWebService. I haven't found a way to obtain the value of thissetCookie, but this situation works for my case anyway.UPDATE: This is a confirmed bug at Adobe Flex JIRA: http://bugs.adobe.com/jira/browse/SDK-15049 resolution "deferred"