hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xavier Frisaye" <x.fris...@t4hr.com>
Subject RE: Cookie rejected problem
Date Wed, 25 Feb 2004 06:58:05 GMT
You're absolutely right, Roland, i was about sure about it but with your
confirmation, there is no doubt.

Thank you for your reply

-----Original Message-----
From: Roland Weber [mailto:ROLWEBER@de.ibm.com]
Sent: mardi 24 fevrier 2004 13:05
To: Commons HttpClient Project
Subject: Re: Cookie rejected problem


Hello Xavier,

your first action should be to contact the administrator of
that web site and tell him that the cookie configuration is
all screwed up.
No browser should accept a cookie for .smals-mvm.be
coming from socialsecurity.be, let alone HttpClient. It
would be a security violation to do so.

Next, you should check whether you need the cookie at all.
I doubt there are many browsers that fail to filter that
cookie. So the site may work without it.

Finally, you can implement your own InsecureGetMethod,
derived from GetMethod, where you override the method
processResponseHeaders. Then you create a cookie that
has the originating domain instead of the invalid domain,
and add that cookie to the state.

cheers,
  Roland








"Xavier Frisaye" <x.frisaye@t4hr.com>
24.02.2004 12:33
Please respond to "Commons HttpClient Project"
 
        To:     "Commons HttpClient Project" 
<commons-httpclient-dev@jakarta.apache.org>
        cc: 
        Subject:        Cookie rejected problem


Hi all,
I'm using httpclient 2.0 and i'm encountering this problem when i try to
connect to
https://www.socialsecurity.be/login/login_fr?j_target_url=%2Fsrd%2Findex
.jsp using a get method :

24-fevr.-2004 11:58:35 org.apache.commons.httpclient.HttpMethodBase
processResponseHeaders 
ATTENTION: Cookie rejected:
"JSESSIONID=A7vh20mc7kV8j1gNcy0utYApOrPTzn2ZLLbX2zeY633eHw1xw5If!1167850
366!freyr.smals-mvm.be!8090!-1". Illegal domain attribute
".smals-mvm.be". Domain of origin: "socialsecurity.be"

I know this is a security/policy cookie problem and i try all available
cookie policies but it doesn't work...

Does anyone have a solution for this?

Thanks a lot

---------------------------------------------------------------------
To unsubscribe, e-mail: 
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: 
commons-httpclient-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message