hc-dev mailing list archives

From Roland Weber <ROLWE...@de.ibm.com>
Subject Re: Cookie rejected problem
Date Tue, 24 Feb 2004 12:04:52 GMT
Hello Xavier,

your first action should be to contact the administrator of
that web site and tell him that the cookie configuration is
all screwed up.
No browser should accept a cookie for .smals-mvm.be
coming from socialsecurity.be, let alone HttpClient. It
would be a security violation to do so.

Next, you should check whether you need the cookie at all.
I doubt there are many browsers that fail to filter that
cookie. So the site may work without it.

Finally, you can implement your own InsecureGetMethod,
derived from GetMethod, where you override the method
processResponseHeaders. Then you create a cookie that
has the originating domain instead of the invalid domain,
and add that cookie to the state.

cheers,
  Roland

"Xavier Frisaye" <x.frisaye@t4hr.com>
24.02.2004 12:33
Please respond to "Commons HttpClient Project"

To: "Commons HttpClient Project" <commons-httpclient-dev@jakarta.apache.org>
cc:
Subject: Cookie rejected problem


Hi all,
I'm using httpclient 2.0 and I'm encountering this problem when I try to
connect to
https://www.socialsecurity.be/login/login_fr?j_target_url=%2Fsrd%2Findex.jsp
using a get method:

24-fevr.-2004 11:58:35 org.apache.commons.httpclient.HttpMethodBase
processResponseHeaders 
ATTENTION: Cookie rejected:
"JSESSIONID=A7vh20mc7kV8j1gNcy0utYApOrPTzn2ZLLbX2zeY633eHw1xw5If!1167850
366!freyr.smals-mvm.be!8090!-1". Illegal domain attribute
".smals-mvm.be". Domain of origin: "socialsecurity.be"

I know this is a security/policy cookie problem and I have tried all available
cookie policies but it doesn't work...

Does anyone have a solution for this?

Thanks a lot

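Why the cookie in this thread is rejected, as an added example that is not part of the original messages and is not Commons HttpClient's own code: a simplified domain-match check in the style of RFC 6265 section 5.1.3. The class and method names are assumptions made for illustration, and every input other than the pair taken from the log is constructed.

```java
import java.util.Locale;

// Added illustration, not Commons HttpClient code: a simplified RFC 6265
// section 5.1.3 domain-match, the kind of check behind "Cookie rejected".
public class CookieDomainCheck {

    static boolean isIpLiteral(String host) {
        return host.matches("[0-9.]+") || host.contains(":");
    }

    // True if a response from `host` may set a cookie with Domain=`domainAttr`.
    static boolean domainMatches(String host, String domainAttr) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = domainAttr.toLowerCase(Locale.ROOT);
        if (d.startsWith(".")) {
            d = d.substring(1); // a leading dot carries no meaning for matching
        }
        if (d.isEmpty()) {
            return false;
        }
        if (h.equals(d)) {
            return true;
        }
        // Suffix match only on a label boundary, and never for IP literals.
        return !isIpLiteral(h) && h.endsWith("." + d);
    }

    // Domain to store the cookie under: the attribute when it is legal,
    // otherwise null (reject). No public-suffix check is done here.
    static String acceptedDomain(String host, String domainAttr) {
        return domainMatches(host, domainAttr) ? domainAttr : null;
    }

    public static void main(String[] args) {
        String[][] cases = {
            // { origin host, Domain attribute }
            {"socialsecurity.be", ".smals-mvm.be"},          // pair from the log in this thread
            {"www.socialsecurity.be", ".socialsecurity.be"}, // constructed: legal parent domain
            {"xsocialsecurity.be", "socialsecurity.be"},     // constructed: suffix, not on a label boundary
            {"192.0.2.10", "2.10"},                          // constructed: IP literal
        };
        for (String[] c : cases) {
            String stored = acceptedDomain(c[0], c[1]);
            System.out.printf("%-24s Domain=%-20s -> %s%n", c[0], c[1],
                    stored == null ? "REJECT" : "accept as " + stored);
        }
    }
}
```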