hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ROLWE...@de.ibm.com>
Subject Re: Cookie rejected problem
Date Tue, 24 Feb 2004 12:04:52 GMT
Hello Xavier,

your first action should be to contact the administrator of
that web site and tell him that the cookie configuration is
all screwed up.
No browser should accept a cookie for .smals-mvm.be
coming from socialsecurity.be, let alone HttpClient. It
would be a security violation to do so.

Next, you should check whether you need the cookie at all.
I doubt there are many browsers that fail to filter that
cookie. So the site may work without it.

Finally, you can implement your own InsecureGetMethod,
derived from GetMethod, where you override the method
processResponseHeaders. Then you create a cookie that
has the originating domain instead of the invalid domain,
and add that cookie to the state.


"Xavier Frisaye" <x.frisaye@t4hr.com>
24.02.2004 12:33
Please respond to "Commons HttpClient Project"
        To:     "Commons HttpClient Project" 
        Subject:        Cookie rejected problem

Hi all,
I'm using httpclient 2.0 and i'm encountering this problem when i try to
connect to
.jsp using a get method :

24-fevr.-2004 11:58:35 org.apache.commons.httpclient.HttpMethodBase
ATTENTION: Cookie rejected:
366!freyr.smals-mvm.be!8090!-1". Illegal domain attribute
".smals-mvm.be". Domain of origin: "socialsecurity.be"

I know this is a security/policy cookie problem and i try all available
cookie policies but it doesn't work...

Does anyone have a solution for this?

Thanks a lot

To unsubscribe, e-mail: 
For additional commands, e-mail: 

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message