Forum How do I...?

Enforce corect HTTP session handling

silviobierman
When Prince performs a HTTP GET to retrieve an HTML page it should remember any session cookies returned by the server to reuse them when retrieving images etc. that are referenced by the HTML and that reside on the same server.
I traced the HTTP traffic and found out that Prince does not return the JSESSIONID cookie. Can I influence this behaviour?

Kind regards,

Silvio Bierman
silviobierman
In absence of proper session cookie support an alternative might be or the HTTP server to start with an HTTP 307 (Moved Temporarily) status and a Location header that redirects to a URL containing the session id. Relative URLs in a received document would then implicitly contain a session id.
Does Prince honour HTTP redirect responses?

Kind regards,

Silvio Bierman
mikeday
Yes, HTTP redirects should be followed. Prince doesn't currently remember cookies between requests, this is something that we would have to add as libcurl doesn't handle cookies automatically.
silviobierman
Appearantly redirects work but they did not solve my problem. Unfortunately, relative URLs do not carry a URL-encoded session id. I had to resort to generating image URLs with explicit session ids.

This is ugly by itself but because we use a self-written load balancing reverse proxy that uses session id prefixing to stick sessions to backend servers it is not generally possible for backend code to communicatie session ids to the clients directly (ie. not beng adjusted by the proxy).

We had to make the proxy stick a proprietary header to all HTTP requests that expresses the session id decoration/prefix to enable backends to generate external/clientside session ids in content like HTML.

I did some googling and it seems that libcurl CAN handle session cookies. Also I noticed that Prince on windows does not handle sessions as well. Does the Windows version also use libcurl?

Kind regards,

Silvio Bierman
mikeday
You're right, the CURLOPT_COOKIEFILE option appears to make libcurl remember and resend cookies on subsequent requests. Thanks for the tip, we'll enable this behaviour in the next release. :)
mikeday
Today we have released Prince 6.0 rev 5, which remembers cookies for subsequent HTTP requests.