hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24081] - Manually set 'Cookie' & 'Authorization' headers get discarded
Date Thu, 30 Oct 2003 08:35:43 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24081>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24081

Manually set 'Cookie' & 'Authorization' headers get discarded





------- Additional Comments From rolweber@de.ibm.com  2003-10-30 08:35 -------
Hello Oleg,

I have just taken a look at it. In combination with pluggable cookie policies,
this patch provides everything I would need. Cookies can be set manually, with
or without being extended by the cookies from the HttpState. Resolving clashes
between manually set cookies and those in the state is the responsibility of
whom who sets cookies manually. And someone who wants his cookie header to be
removed automatically shouldn't set it in the first place :-)

No, wait, there is one thing:  RFC 2965 in section 3.3.4 (last paragraph before
the note) specifies that cookies shall be sent in a defined order, those with
more specific paths preceeding those with less specific paths.
Considering the fuss of parsing manually set cookie headers, I wouldn't want
this to be implemented by the HTTP Client. But that should at least be pointed
out somewhere in the JavaDocs. In HttpMethod.{set|add}RequestHeader?

cheers,
  Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message