I'm trying to get an OAuth implementation running on a servlet for Twitter. I'm having trouble with redirecting the user to the Twitter authentication page. When I get the callback, it's returned to a servlet but the session is different since the request comes from Twitter and not my webapp.

I tried using encodeRedirectURL to get the session to persist to the outside site but that doesn't work. Need help!

+2  A: 

You have to add the session ID as a jsessionid fragment of the callback URL. Twitter has to call back to http://example.com/callbackservlet;jsessionid=1E6FEC0D14D044541DD84D2D013D29ED (note: the jsessionid value here is just an example).

The HttpServletResponse#encodeRedirectURL() (and encodeURL()) won't encode the URL when the client already supports cookies. You need to hard-encode it yourself.

```java
// "request" is the current HttpServletRequest inside the servlet.
String url = "http://example.com/callbackservlet";
String encodedURL = url + ";jsessionid=" + request.getSession().getId();
```
BalusC
Good answer! But I ran into another problem with it. The callback returns two request parameters, but Tomcat strips off everything from jsessionid to the end of the URL, so I lose those parameters.
Kirn
Are you sure that it's Tomcat who is doing that? Isn't there some `Filter` in your webapp which is doing something like `response.sendRedirect(request.getRequestURI())` based on some condition?
BalusC
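An added example, not part of the original thread: it shows where the `;jsessionid=` path parameter sits relative to the query string when the callback comes back with extra parameters, and what happens when the callback URL already has a query. The class and method names, the `step` parameter and the placeholder OAuth parameter values are assumptions made for the illustration.

```java
import java.net.URI;

// Added illustration; class and method names are hypothetical, not from the thread.
public class CallbackUrlDemo {

    // Places ";jsessionid=<id>" at the end of the path, ahead of any query
    // string or fragment, which is where the servlet container looks for it.
    static String withSessionId(String url, String sessionId) {
        int cut = url.length();
        int query = url.indexOf('?');
        int fragment = url.indexOf('#');
        if (query >= 0) cut = query;
        if (fragment >= 0 && fragment < cut) cut = fragment;
        return url.substring(0, cut) + ";jsessionid=" + sessionId + url.substring(cut);
    }

    // Prints the path and query components of a URL as java.net.URI parses them.
    static void show(String label, String url) {
        URI u = URI.create(url);
        System.out.println(label);
        System.out.println("  path : " + u.getRawPath());
        System.out.println("  query: " + u.getRawQuery());
    }

    public static void main(String[] args) {
        // In a servlet this would be request.getSession().getId();
        // the value below is the example ID from the answer.
        String sessionId = "1E6FEC0D14D044541DD84D2D013D29ED";

        // Constructed callback parameters (OAuth 1.0a names, placeholder values).
        String returned = "?oauth_token=TOKEN_PLACEHOLDER&oauth_verifier=VERIFIER_PLACEHOLDER";

        // Callback registered without a query: the provider's parameters land
        // after the path parameter and stay in the query component.
        String callback = withSessionId("http://example.com/callbackservlet", sessionId);
        show("callback as it comes back", callback + returned);

        // Callback that already has a query ("step" is a constructed parameter):
        // plain concatenation pushes the session ID into the query string.
        String base = "http://example.com/callbackservlet?step=2";
        show("plain concatenation", base + ";jsessionid=" + sessionId);
        show("path-aware insertion", withSessionId(base, sessionId));
    }
}
```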