Re: HTTPAPI to SSL Website

[Scott Klement <sk@xxxxxxxxxxxxxxxx>]

Hi Jon,

> The site does appear to be using cookies - it appears to (try) store
> a "JSESSIONID" cookie in a directory called /CFLC. I don't see this
> in /tmp, nor do I see it anywhere on my local PC when I connect to
> the site via Firefox. I'm also explicitly turning cookies *ON, BTW.

The "path" presented in the cookie is not related to a directory in your 
IFS.  Instead, it's related to the URL that you send/receive from their 
web server.

In other words, your jsessionid cookie should ONLY be sent to their web 
server if the URL starts with "http[s]://servername/cflc".  If that 
/cflc isn't there after the server name, the cookie should not be sent 
to them.

> Can you point me in the direction of a "cheat-sheet" that would
> describe the pieces needed (and the order that they need to be used)
> for HTTPAPI? That would REALLY be handy.

I'm not really sure what you're asking for.


> I have absolutely no idea if I'm connecting to the same server or not
> on alternate requests - is there a way to determine this?

I'd suggest eliminating the calls to the persist functions.  Just call 
http_url_get() and http_url_post() (or their "raw" variants).  Then it 
doesn't matter.

All the persist functions do is provide a means of maintaining the 
connection between calls to improve performance.  In other words, if I 
want to do the following requests:

       http://www.scottklement.com/test.php?id=1001
       http://www.scottklement.com/test.php?id=1002
       http://www.scottklement.com/test.php?id=1003

All of the requests are to the same server (www.scottklement.com) so 
it's silly to connect, send the first request, disconnect, then connect 
again, send request2, disconnect, etc.  Sure, connecting/disconnecting 
with each request will still work, but the connection process takes 
time, so it'll hurt performance.

If, instead, I connect, send request1, send request2, send request3, 
disconnect it'd be much faster.  That's what the "persist" routines do, 
they let you connect to the server once, issue several requests, and 
then disconnect.

The burning issue, however, is that all requests have to go to the same 
server.  If the requests are for multiple servers, the 
disconnect/reconnect is manditory since you need to talk to a completely 
different machine.


> I've included a "cut down" version of the debug file here, removing
> certificate information, most of the HTML, etc.

That's fine.

What I notice in your debug file is that the cookie name is uppercase 
when it's sent to you, and lowercase when it's sent back to the server. 
  I wonder if that matters?  I'll have to do some research...
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------