The primary reason for my trouble was that the site returned a 302 result with appropriate cookies, but I never got a chance to interpret it.
The default behaviour of the HttpURLConnection is to follow the redirects for me. This would have been dandy if it also preserved the cookies as they came back from the first request, but it did not. This caused the server to receive the redirect to the proper site, but lose its cookies showing my login was good.
To fix this just needed this call early in my program:
HttpURLConnection.setFollowRedirects(false);
That let the 302 get seen by my code which could then gather the cookie values and resubmit a request to the new Location. I don't know if it's a bug that the redirect following ignored the Set-Cookie header values, but whether it should have or not, it certainly confused me for a while.
Another issue was that the site I used sometimes sent a Location value that was relative rather than absolute, so I had to handle that with code like this:
if (!location.startsWith("http")) {
String newLocation = url.getProtocol() + "://" + url.getHost();
if (url.getPort() > 0) {
newLocation += ":" + url.getPort();
}
if (location.startsWith("/")) {
newLocation += location;
}
else {
if (!location.startsWith("/")) {
location = "/" + location;
}
newLocation += url.getPath() + location;
}
location = newLocation;
}
url = new URL(location);
This would get done in a loop that keeps trying new url values while 302's keep coming back.
