hc-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 20031] New: - Set-Cookie header misinterpreted
Date Mon, 19 May 2003 10:42:40 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20031>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20031

Set-Cookie header misinterpreted

           Summary: Set-Cookie header misinterpreted
           Product: Commons
           Version: 2.0 Alpha 1
          Platform: PC
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: Other
         Component: HttpClient
        AssignedTo: commons-httpclient-dev@jakarta.apache.org
        ReportedBy: lars.wunderlich@tui.de


Reading some Microsoft Expedia.de websites with HttpClient, I found a strange misbehaviour
between the browser and Apache HttpClient interpretation of cookie header data from a website.
E.g. the IIS server at expedia.de serves the following cookie data:

Set-Cookie: user=v.3,EX01E6A0DF34$17$34201000$0B$B7$E94!G0.!5010$0E020$BF$31$B0$7D$DF$C2$EA9;
Domain=.expedia.de; path=/

As defined in RFC document 2109 chapter 4.2.2 Cookie Syntax:
"Informally, the Set-Cookie response header comprises the token Set-Cookie:, followed by
a comma-separated list of one or more cookies. Each cookie begins with a NAME=VALUE pair,
followed by zero or more semi-colon-separated attribute-value pairs."

On the one hand, the responsible parser in the commons HttpClient separates the String correctly
at its commas and therefore creates two cookie data elements:
user=v.3
EX01E6A0DF34$17$34201000$0B$B7$E94!G0.!5010$0E020$BF$31$B0$7D$DF$C2$EA9=null

On the other hand, Microsoft Internet Explorer seems to interpret it as only one element
with a comma inside:
user=v.3,EX01E6A0DF34$17$34201000$0B$B7$E94!G0.!5010$0E020$BF$31$B0$7D$DF$C2$EA9

Looking only at the first sentence, the interpretation of the Apache parser is right, but
on a second look, the sentence "Each cookie begins with a NAME=VALUE pair..." is not
taken into account by the Apache parser.

You may decide this is not a bug, but IE 5.5 and Mozilla 1.4 seem to parse this cookie data
fine.
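
Added example, not part of the original bug report and not HttpClient's own code: a small Java program that contrasts the two readings described above, splitting at every comma versus splitting only where the next element begins with a NAME=VALUE pair. The class and method names, the lenient heuristic and the shortened sample header are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class SetCookieSplit {

    // Strict reading: every comma separates two cookies.
    static List<String> strictSplit(String headerValue) {
        List<String> cookies = new ArrayList<>();
        for (String part : headerValue.split(",")) {
            cookies.add(part.trim());
        }
        return cookies;
    }

    // Lenient reading (assumed heuristic): a comma starts a new cookie only
    // if the text up to the next ',' or ';' contains '=', i.e. looks like
    // the NAME=VALUE pair that every cookie must begin with.
    static List<String> lenientSplit(String headerValue) {
        List<String> cookies = new ArrayList<>();
        int start = 0;
        for (int i = 0; i < headerValue.length(); i++) {
            if (headerValue.charAt(i) != ',') continue;
            int end = i + 1;
            while (end < headerValue.length()
                    && headerValue.charAt(end) != ',' && headerValue.charAt(end) != ';') {
                end++;
            }
            if (headerValue.substring(i + 1, end).indexOf('=') >= 0) {
                cookies.add(headerValue.substring(start, i).trim());
                start = i + 1;
            }
        }
        cookies.add(headerValue.substring(start).trim());
        return cookies;
    }

    // Shows the leading pair of one element; an element without '=' has no value.
    static String describe(String cookie) {
        String pair = cookie.split(";", 2)[0].trim();
        int eq = pair.indexOf('=');
        return eq < 0 ? pair + "=null" : pair.substring(0, eq) + " -> " + pair.substring(eq + 1);
    }

    public static void main(String[] args) {
        // Constructed sample shaped like the header in the report (value shortened).
        String header = "user=v.3,EX01$17$EA9; Domain=.example.test; path=/";
        strictSplit(header).forEach(c -> System.out.println("strict:  " + describe(c)));
        lenientSplit(header).forEach(c -> System.out.println("lenient: " + describe(c)));
    }
}
```

The lenient heuristic still splits a value that itself contains `, name=value`, so a client and a browser that disagree on the rule can end up storing different cookies from the same response.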
