[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: HTTPAPI to SSL Website



Scott:

Thanks for continuing to look at this!

After I had sent the program / described what it was doing (yesterday, actually), I changed it to perform a GET, rather than a POST. I did that based on watching the packets with the Firefox TamperData add in. Since I was using the non-beta version of your code, it did the same thing (session timeout).

I'll get the beta code & try it again.

Thanks again for your help on this - I really, REALLY appreciate it!

Jon Juracich, IBM Certified Specialist: RPG IV Developer
Sr. Staff Consultant, IBM Solutions Practice

Affiliated, Inc.
(614)889-6555, ext 355

www.aresgrp.com

Affiliated helps growing & Mid-Market organizations identify, evaluate, and implement solutions that use new & existing technology & resources that improve operational efficiency or increase revenue. Both make your organization more profitable and more successful.
________________________________________
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement [sk@xxxxxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2008 2:59 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: HTTPAPI to SSL Website

Hi Jon,

I tried to write a quick program to test your CFLC web site, I did got
it working (maybe... I'm not exactly sure what the program is supposed
to do).  I noticed the following:

a) You were sending a POST request (instead of a GET) for the
addEnrolee.do page -- which might've caused the dispatch variable to not
be found by the server, since the server was expecting a GET request.

b) When I ran my own copy of the program I got a Cookie error in the
debug log.  (This error wasn't in your log, which I can't explain!)  I
traced the error to a bug in the "case-sensitivity" update that I sent
you on June 26.

c) So I fixed the bug in the case-sensitivity code, and now my program
works!  Here's the code I'm testing with:


      H DFTACTGRP(*NO) ACTGRP(*NEW) BNDDIR('LIBHTTP/HTTPAPI')

       /copy httpapi_h

      D rc              s             10i 0

       /free
        http_debug(*ON);

        rc=http_url_get('https://webapps.doj.ca.gov/cflc/index.jsp'
                       : '/tmp/deleteme');
        if (rc<>1);
          http_crash();
        endif;

        rc=http_url_get('https://webapps.doj.ca.gov/cflc/addEnrolee.do'
                       + '?dispatch=enrollmentGuidelines'
                       : '/tmp/deleteme');
        if (rc<>1);
          http_crash();
        endif;

        *inlr = *on;

       /end-free

To get my updated HTTPAPI (with the fix I made to the bug in the
case-sensitivity code) please download the latest copy from
http://www.scottklement.com/httpapi/beta

I'm still confused about why the bug didn't show up in your log file
(with a cookie error message).  Did you notice the problem and fix it on
your end already?  That's all I can think of...  but it seems unlikely
you'd do that without mentioning it... so I'm puzzled.


Juracich, Jon wrote:
> I don't know that I'm having a problem with the SSL part, per se.
> It's more like what I'm trying to send (the session cookie value, for
> the second page), or maybe what I'm not sending. I've used a couple
> of the tools available for Firefox (Firebug and TamperData) but I
> don't really know how to read what I'm seeing. Using TamperData, it
> LOOKS like Firefox is doing a straight GET to retrieve the second
> page. Does that involve sending anything up to the server, other than
> the "GET" request? If it does, and HTTPAPI doesn't do that, I would
> think that I would have to "send" something with the cookie value.
> Maybe.
>
> I've also used the HTTPAPI debug tool to dump the communications out
> to a file. That, I can kind of read (but not necessarily completely
> understand!).

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------