To be sure, you should be gathering the cookies from the response’s Set-Cookie headers. To send them back in the subsequent requests, you should set them one by one using URLConnection#addRequestProperty().
Basically:
// ...
// Grab Set-Cookie headers:
List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
// ...
// Send them back in subsequent requests:
for (String cookie : cookies) {
connection.addRequestProperty("Cookie", cookie.split(";", 2)[0]);
}
// ...
The split(";", 2) is there to get rid of cookie attributes which are irrelevant for the server side like expires, path, etc.
For a more convenienced HTTP client I’d suggest to have a look at Apache HttpComponents Client. It can handle all the cookie stuff more transparently.
See also:
Update: as per the comments, this is not a cookie problem. A wrong request token means that the server has CSRF/bot prevention builtin (to prevent people like you). You need to extract the token as a hidden input field from the requested page with the form and resend it as a request parameter. Jsoup may be useful to extract all (hidden) input fields. Don’t forget to pass the name-value pair of the button as well which you’d like to “press” programmatically. Also see the abovementioned link for more hints.
In the future, you should really be more clear about the exact error you retrieve and not guess something in the wild. Copypaste the exact error message and so on.