commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc.Saeges...@apropos.com
Subject RE: HttpClient HTTP response problem
Date Tue, 23 Apr 2002 19:30:03 GMT
I just commited the fix for 8287.  We'll accept 'secure' cookies over an
unsecure channel.  RFC 2109 seems to allow this as a valid thing.  It also
seems to allow us (the client) some flexibility in how we deal with 'secure'
cookies.  So, at least for now, we'll continue to only *send* them out in
Cookie headers on secure connections.  This also seems to be the behavior of
IIS.

I have no idea, right now, what the hell EBay is doing sending multiple 200
OK responses to the GET request.  I'll investigate this a little further and
let you know what I come up with.


Marc Saegesser 

> -----Original Message-----
> From: Rick Horowitz [mailto:rickhoro@yahoo.com]
> Sent: Tuesday, April 23, 2002 12:42 PM
> To: commons-dev@jakarta.apache.org
> Subject: HttpClient HTTP response problem
> 
> 
> I'm using HttpClient obtained from CVS a few days ago.
>  I'm trying to get the EBay login page, which I can
> GET from my browser via URL:
> 
>   http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?SignIn8
> 
> With HTTPClient, I'm using: 
> 
>   GetMethod method = 
>       new                                             
>    GetMethod("/aw-cgi/eBayISAPI.dll?SignIn");
>   method.setQueryString("SignIn");
> 
> I'm able to correctly receive the HTTP response body,
> but am having a problem with the HTTP headers in the
> response, as follows:
> 
> 1. EBay sends several cookies, 2 of which contain the
> "secure" parameter. This causes an exception in
> HttpClient because this is not an SSL connection,
> causing all cookies to be rejected by HttpClient. I
> voted for bug 8287, which I believe addresses this
> problem, but no fix as yet, if I'm not mistaken.
> 
> 2. In HttpMethodBase.readResponseHeaders(), the
> following confusing (at least to me) series of HTTP
> headers is read by HttpClient when receiving the HTTP
> response message:
> 
> Server: Microsoft-IIS/4.0
> Date: Tue, 23 Apr 2002 15:42:50 GMT
> Connection: close
> Set-Cookie:
> s=AAAEAAAASAAAARQAAAPqAxTx6u848QDY1LjkxLjIyMS4xMmUxdGVzdENvb2t
> pZSAkMiRKYWthcnRhICRzbllBam9OL3RyN2JLbk9jSW9jcUEuAA**l;
> path=/; domain=.ebay.com
> Set-Cookie: secure_ticket=n; path=/; domain=.ebay.com;
> secure
> Set-Cookie: secure_ticket_l2=n; path=/;
> domain=.ebay.com; secure
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/4.0
> Date: Tue, 23 Apr 2002 15:42:50 GMT
> Connection: close
> Set-Cookie:
> s=AAAEAAAASAAAARQAAAPqAxTx6u848QDY1LjkxLjIyMS4xMmUxdGVzdENvb2t
> pZSAkMiRKYWthcnRhICRzbllBam9OL3RyN2JLbk9jSW9jcUEuAA**l;
> path=/; domain=.ebay.com
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/4.0
> Date: Tue, 23 Apr 2002 15:42:50 GMT
> Connection: close
> 
> Note: the status line is sent by EBay 3 times (the
> first one doesn't appear in this list because it is
> processed previously by readStatusLine()). Also,
> related, is that the headers are repeated after the
> status line is resent. Anyone know what's going on
> here?
> 
> I modified the HttpClient code locally to ignore the
> additional status lines - clearly there's a problem
> here, but I don't know enough about HTTP to figure it
> out.
> 
> Thanks very much in advance for any help. BTW, I like
> the product very much in general, although a short
> HOW-TO would be useful. Kudos to the authors, and my
> thanks for your efforts.
> 
> Rick 
> 
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Games - play chess, backgammon, pool and more
> http://games.yahoo.com/
> 
> --
> To unsubscribe, e-mail:   
> <mailto:commons-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:commons-dev-help@jakarta.apache.org>
> 

--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>


Mime
View raw message