commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kedar Panse <>
Subject Re: [HTTPClient 3.0 alpha] Cookie handling-- with secure attrubute
Date Tue, 08 Jun 2004 23:52:01 GMT
Thanks,  that removing secure setting worked. It wasn't sending secure 
cookies even for https,  I think may be as I registered https protocol 
for https using custom Secure Socket factory, it wasn't sending the 
secure cookie.
I was using  --> Protocol.registerProtocol("https", new 
Protocol("https", new MySecureSocketFactory(), 443)); ? Anyways seems to 
work now


Michael Becke wrote:

> On Jun 7, 2004, at 7:54 PM, Kedar Panse wrote:
>> I am sorry tobe bothering like this.   While investingating more I 
>> found out its not sending cookies marked secure (I guess this means 
>> send only if its shttp/ssl).  How do I overcome this?
> Yes, this could definitely be the source of the problem.  HttpClient 
> will only send secure cookies over secure (https) connections.
> The only way to override this behavior would be to manually edit the 
> secure cookies to remove the secure setting, or to implement a custom 
> version of CookieSpec with a lax version of match().  Doing this would 
> not be recommended as it would defeat the whole purpose of having 
> secure cookies.
> Mike
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
> .

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message