hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kalnichevski, Oleg" <oleg.kalnichev...@bearingpoint.com>
Subject Re: Bad cookie header: illegal domain attribute
Date Mon, 16 Dec 2002 11:27:26 GMT
Mike

Cookie management in the HttpClient has undergone a massive overhaul. Compliance with Netscape
cookie draft & RFC 2109 has been revised and improved. Besides, for cases like the one
you reported, there's now an option of activating a compatibility mode which would make HttpClient
perform only most generic cookie validation in order to mimic the behaviour of popular web
browsers. 

Please use the following statement to activate cookie management compatibility mode

CookiePolicy.setDefaultPolicy(CookiePolicy.COMPATIBILITY)

Use the following statement should you want to go back to the cookie Taliban mode

CookiePolicy.setDefaultPolicy(CookiePolicy.RFC2109)

Please let me know if you find the solution satisfactory, so I could consider the issue resolved

Cheers

Oleg

PS: Here's a short code snippet just in case

=================================================================
import junit.framework.TestCase;

import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.cookie.*;
import org.apache.commons.httpclient.methods.*;

public class MyTest extends TestCase
{
	public MyTest(String s)
	{
		super(s);
	}
	
	
	public void testCompatibilityMode()
	{

	  CookiePolicy.setDefaultPolicy(CookiePolicy.COMPATIBILITY);
		
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost("www.google.ch", 80, "http");
        client.setStrictMode(true);

        GetMethod httpget = new GetMethod("/");
        httpget.setUseDisk(false);
        try 
        {
        	client.executeMethod(httpget);
        } 
        catch (Exception e)
        {
        	e.printStackTrace();
            fail("Unexpected exception: " + e.toString());
        }
        // Count your cookies
        Cookie[] cookies = client.getState().getCookies();
        for (int i = 0; i < cookies.length; i++)
        {
        	System.out.println("Cookie: " + cookies[i].toExternalForm());
        } 
        assertEquals(200,httpget.getStatusCode());
	}
}
=========================================================================

  > How does the browser know the server you are sending the request
 > to? I notice the server think's its name is
 > "tcisudev02.tci.toyota.com" which shouldn't match any cookie sent
 > with a ".toyota.ca" domain.

The servers real host name is tcisudev02.tci.toyota.com but it has a 
virtual host set up for test2.ecp.toyota.ca and a corresponding dns 
entry for that.

 > Could your browser be deciding to send the cookie based on
 > a name lookup that does resolve to "xxx.toyota.ca" rather
 > than "yyyy.xxx.toyota.ca"?

I wouldn't think so but I've been wrong before ;-)

As far as I know, the browser never knows that it's talking to anything 
other than test2.ecp.toyota.ca.  The only place that the name 
"tcisudev02.tci.toyota.com" shows up in the trace is in something to be 
displayed to the user, not something that would be parsed by the browser.

I would imagine that IE and Mozilla are sending cookies based on the url 
typed in by the user, not by doing reverse dns lookups.

-- 
Mike Bowler
Principal, Gargoyle Software Inc.
Voice: (416) 822-0973 | Email  : mbowler@GargoyleSoftware.com
Fax  : (416) 822-0975 | Website: http://www.GargoyleSoftware.com

Mime
View raw message