<p>On authentication using form fields in a web page, what happens is the following:</p>
<ol>
<li>You access a login page. The server marks your session using one of the following methods:
<ul>
<li>Session cookie, present in the HTTP Response headers. You should store this cookie and resend it afterwards.</li>
<li>Redirect to a new URL in which the session is marked (http://localhost:8080/?sessionKey=3292n9fafjwagwao2903j2fswioanw)</li>
<li>(sometimes) hidden HTML form or JavaScript variable which contains the session key and which is POST'ed on every click of a link.</li>
</ul></li>
<li>Let us suppose the server uses cookies. You then do a POST request containing:
<ul>
<li>The cookie you received.</li>
<li>Your username and password in the POST data</li>
</ul></li>
<li>The server now marks your session as "logged in" and may even give you a new or extra session identifier.</li>
<li>You then access a secured resource, providing a session identifier proving you are logged in.</li>
</ol>
<p>You can follow this process very nicely using the Google Chrome Developer Network view (press CTRL+SHIFT+J, go to Network).</p>
<p>How do you translate this to Java code?</p>
<ol>
<li>Do initial request to login page. Recover session cookie from HTTP headers.</li>
<li>Do a POST to the login form destination. Include the session cookie in the HTTP request header and the username/password in the POST data. Recover the session cookie from HTTP headers.</li>
<li>Now access the protected resource. Include the session cookies in the HTTP request header.</li>
</ol>
<p>Of course, there are other ways of authenticating users at the webserver level (HTTP BASIC authentication, NTLM...), as explained by other answers here. The above method only works for HTML FORM-based authentication (as used by Facebook, Dropbox, ... and almost all major websites out there).</p>
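<p>The three steps above as a runnable Java 11+ program. This is an added example, not part of the original answer. The in-process test server, the cookie name <code>SID</code>, the paths <code>/login</code> and <code>/secret</code>, and the credentials are all constructed for the demonstration; the server issues a fresh session id on successful login, which the client's cookie store picks up automatically.</p>

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.net.http.HttpResponse.BodyHandlers;
import java.util.*;

public class FormLoginDemo {
    // Constructed in-process server state: session id -> logged in?
    static final Map<String, Boolean> sessions = new java.util.concurrent.ConcurrentHashMap<>();

    static String sid(HttpExchange x) { // session id from the Cookie request header
        String c = x.getRequestHeaders().getFirst("Cookie");
        return c != null && c.startsWith("SID=") ? c.substring(4) : "";
    }
    static void reply(HttpExchange x, int code, Boolean newState) throws java.io.IOException {
        if (newState != null) { // issue a fresh session id in a Set-Cookie header
            String id = UUID.randomUUID().toString();
            sessions.put(id, newState);
            x.getResponseHeaders().add("Set-Cookie", "SID=" + id + "; Path=/; HttpOnly");
        }
        x.sendResponseHeaders(code, -1); // -1: no response body
        x.close();
    }
    static int call(HttpClient http, HttpRequest.Builder b) throws Exception {
        return http.send(b.build(), BodyHandlers.discarding()).statusCode();
    }
    public static void main(String[] args) throws Exception {
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/login", x -> {
            if (x.getRequestMethod().equals("GET")) { reply(x, 200, false); return; }
            String body = new String(x.getRequestBody().readAllBytes());
            boolean ok = sessions.containsKey(sid(x)) && body.equals("username=alice&password=s3cret");
            if (ok) sessions.remove(sid(x)); // retire the pre-login id
            reply(x, ok ? 200 : 401, ok ? Boolean.TRUE : null); // new id marks "logged in"
        });
        srv.createContext("/secret", x -> reply(x, Boolean.TRUE.equals(sessions.get(sid(x))) ? 200 : 403, null));
        srv.start();
        String base = "http://127.0.0.1:" + srv.getAddress().getPort();
        // Client: CookieManager stores each Set-Cookie and resends it as a Cookie header.
        HttpClient http = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();
        int before = call(http, HttpRequest.newBuilder(URI.create(base + "/secret")));
        call(http, HttpRequest.newBuilder(URI.create(base + "/login"))); // 1: get session cookie
        String form = "username=" + URLEncoder.encode("alice", "UTF-8") + "&password=" + URLEncoder.encode("s3cret", "UTF-8");
        int login = call(http, HttpRequest.newBuilder(URI.create(base + "/login")) // 2: POST credentials
                .header("Content-Type", "application/x-www-form-urlencoded").POST(HttpRequest.BodyPublishers.ofString(form)));
        int after = call(http, HttpRequest.newBuilder(URI.create(base + "/secret"))); // 3: protected resource
        System.out.println("before=" + before + " login=" + login + " after=" + after);
        srv.stop(0);
    }
}
```

<p>Against a real site, use HTTPS and take the form field names and the POST destination from the login page's own HTML rather than the constructed ones here.</p>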
 
