I'm writing a VBA web service client in Excel 2010 using MSXML2.XMLHTTP60 for my Java REST web services hosted on Tomcat 8.5.5.
In VBA, I want to snag the string JSESSIONID=E4E7666024C56427645D65BEB49ADC11
from a response and set it in a subsequent request.
(if Excel crashes, it seems that this cookie is lost and the user has to authenticate again. I want to set the last stored session ID for the user, so if the session is still alive on the server, they don't have to re-authenticate in the Excel client.)
I saw some online resources according to which the following will pull the JSESSIONID cookie, but the last line always prints empty:
Dim httpObj As New MSXML2.XMLHTTP60
With httpObj
.Open "POST", URL, False
.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
.SetRequestHeader "Connection", "keep-alive"
.Send
End With
Debug.Print "Response header Cookie: " & httpObj.GetResponseHeader("Cookie") 'This should pull the JSESSIONID cookie but is empty
When I print httpObj.GetAllResponseHeaders
I do not see any headers that hold JSESSIONID.
In the same resources, the following should set the desired cookie, but it doesn't (I print out the headers of the incoming request on the server and see that my attempt did not override the JSESSIONID value).
httpObj.SetRequestHeader "Cookie", "JSESSIONID=blahblah"
I may be missing the mechanism for how JSESSIONED is transmitted, and how and when VBA pulls it and sets it.
Best Answer
Try to use
MSXML2.ServerXMLHTTP
to get control over cookies. The code below shows how to retrieve and parse cookies, and make request using that cookies:You can see the result of cookies parsing in Locals window on breakpoint, first element contain nested array, representing JSESSIONID:
Generally the above example scrapes project names from http://energy.ehawaii.gov/epd/public/energy-projects-list.html (question):
Another one example is for https://netforum.avectra.com/eweb/ (question). Just add the below Sub:
You can also see the cookies in Locals window, either not JSESSIONID, but others showing the method:
Note it's simplified method, it parses all cookies regardless path, domain, Secure or HttpOnly options.