activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AMQ-6571) HttpClientTransport refuses to accept cookies using `Expires' header
Date Fri, 20 Jan 2017 14:56:26 GMT

     [ https://issues.apache.org/jira/browse/AMQ-6571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Gary Tully resolved AMQ-6571.
-----------------------------
       Resolution: Fixed
    Fix Version/s: 5.15.0

patch applied with thanks.

> HttpClientTransport refuses to accept cookies using `Expires' header
> --------------------------------------------------------------------
>
>                 Key: AMQ-6571
>                 URL: https://issues.apache.org/jira/browse/AMQ-6571
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Transport
>    Affects Versions: 5.14.2, 5.14.3
>            Reporter: Andrew Flegg
>              Labels: easyfix
>             Fix For: 5.15.0
>
>         Attachments: cookie-handling.patch, cookie-handling.patch
>
>
> h2. Background
> We are using ActiveMQ's [HTTP transport|http://activemq.apache.org/http-and-https-transports-reference.html]
to connect to brokers hosted in AWS, behind a load balancer.
> This transport requires a sticky session (i.e. session affinity) because of the local
map of clients in [{{HttpTunnelServlet.clients}}|https://github.com/apache/activemq/blob/master/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java#L60]
> AWS's classic load balancer sends sticky session cookies with the {{max-age}} attribute:
> {noformat}
> AWSELB=2DC7[...]F155;PATH=/;MAX-AGE=36000
> {noformat}
> Whereas AWS's new application load balancer, which supports a web application firewall
(WAF), uses the {{Expires}} attribute:
> {noformat}
> AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/
> {noformat}
> As of [RFC 6265|https://tools.ietf.org/html/rfc6265] both {{max-age}} and {{Expires}}
are valid attributes.
> h2. Issue
> Apache HTTP Client 4.5.2 defaults to a [cookie policy of {{best-match}}|https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/params/CookiePolicy.html].
When the {{AWSALB}} cookie is received, the cookie is not handled and the ActiveMQ log contains
the following:
> {noformat}
> 2017-01-19 12:23:58,185 | WARN  | Invalid cookie header: "Set-Cookie: AWSALB=QclQ[...]V2kP;
Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/". Invalid 'expires' attribute: Tue, 27 Dec 2016
09:31:43 GMT | org.apache.http.client.protocol.ResponseProcessCookies | main
> {noformat}
> h2. Solution
> The solution is to change the cookie policy in {{HttpClientTransport.createHttpClient()}}:
> {code:java}
> HttpClientParams.setCookiePolicy(params, CookiePolicy.BROWSER_COMPATIBILITY);
> {code}
> Patch attached.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message