Return-Path: Delivered-To: apmail-jakarta-httpclient-dev-archive@www.apache.org Received: (qmail 46907 invoked from network); 21 Dec 2004 17:19:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 21 Dec 2004 17:19:14 -0000 Received: (qmail 34083 invoked by uid 500); 21 Dec 2004 17:18:31 -0000 Delivered-To: apmail-jakarta-httpclient-dev-archive@jakarta.apache.org Received: (qmail 34050 invoked by uid 500); 21 Dec 2004 17:18:31 -0000 Mailing-List: contact httpclient-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "HttpClient Project" Reply-To: "HttpClient Project" Delivered-To: mailing list httpclient-dev@jakarta.apache.org Received: (qmail 34016 invoked by uid 99); 21 Dec 2004 17:18:31 -0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=FORGED_RCVD_HELO,HTML_20_30,HTML_MESSAGE,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from nefastis.nationwide.com (HELO nefastis.ent.nwie.net) (155.188.184.66) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 21 Dec 2004 09:18:26 -0800 Received: from oedipa01 (oedipa [192.168.183.62]) by nefastis.ent.nwie.net (Switch-3.1.6/Switch-3.1.6) with ESMTP id iBLHINoH006580 for ; Tue, 21 Dec 2004 12:18:24 -0500 (EST) Received: from vapor.ent.nwie.net by oedipa01 via smtpd (for nefastis.ent.nwie.net [192.168.183.100]) with ESMTP; Tue, 21 Dec 2004 12:18:23 -0500 Received: from EntEDCMail08.nwie.net (ohlewlnp0007.nwie.net [172.24.129.5]) by vapor.ent.nwie.net (Switch-3.1.6/Switch-3.1.6) with ESMTP id iBLHINqL029015 for ; Tue, 21 Dec 2004 12:18:23 -0500 (EST) To: httpclient-dev@jakarta.apache.org Subject: Cookie header requests not being accepted by IIS/ColdFusion 5 server MIME-Version: 1.0 X-Mailer: Lotus Notes Release 5.0.10 March 22, 2002 Message-ID: From: HURSTG@Nationwide.com Date: Tue, 21 Dec 2004 11:18:22 -0600 X-MIMETrack: Serialize by Router on EntEDCMail08/SRV/NWIE(Release 6.5.2|June 01, 2004) at 12/21/2004 12:18:23 PM, Serialize complete at 12/21/2004 12:18:23 PM Content-Type: multipart/alternative; boundary="=_alternative 005F110286256F71_=" X-MASF: 0.00% X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N --=_alternative 005F110286256F71_= Content-Type: text/plain; charset="us-ascii" I submitted this to the user mailing list, but then read that I probably should have submitted it here instead. Sorry about that... I have been trying to get my ColdFusion 5/IIS server to work with Canoo Webtest (which uses HTTPClient) and everything works except client variables. In ColdFusion, client variables depend on being able to set and read two cookies (CFID and CFTOKEN) on the client. The pages I am trying to get to work with httpclient work flawlessly when I use Internet Explorer 6.0 instead. With HTTPClient and two successive, identical requests, the following protocol steps occur (for simplicity, I refer only to CFID): 1) HTTPClient sends the first GET request to the server 2) The server sets a cookie in the browser with a response header: Set-Cookie: CFID=118341; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/; 3) Httpclient now tries an identical second GET request and sends a request header containing: Cookie: CFID=118341 4) The server replies in the next response header with a new value for CFID: Set-Cookie: CFID=118342; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/; Step 4 should not occur because step 3 should have signaled the server that the client already has a valid CFID and this value should be used to access server-stored client variables. So, the server is not accepting/recognizing CFID=118341 for some reason and is issuing the next increment in CFID to the browser. I can watch all of this happen by following the wire debug information output by httpclient. If I use ColdFusion code, I get interesting disparities. One CF function, GetHTTPRequestData, shows the headers have been received by the CF Server engine and these values match what httpclient's debug log says. However, if I loop through all cookies using CF code on the same page and immediately after the GetHTTPRequestData function, the CFID cookie shows a newly incremented value! If I pass CFID and CFTOKEN in the action URL of a form, httpclient can submit the form just as well as Internet Explorer. Examination of the headers in this URL-passed case shows that the server recognizes the CFID and CFTOKEN from the URL and responds with an identical CFID and CFTOKEN in the Set-Cookie header of the next response. I can't figure out why the cookie information in the httpclient-initiated request is being ignored by our server. The headers appear to be formatted correctly. All cookies seem to have the right values as they are passed back and forth. Below is an example of a trace and you will see where the server accepts URL-appended parameters and ignores header-embedded information. In this example, I start at working.cfm, which submits to security_router.cfm with CFID and CFTOKEN in the action URL. Notice that the browser is also responding with the initial header information, but the server only recognizes the URL version (a 118315 value previously set on the server using Internet Explorer). The browser then dutifully accepts the new CFID value which it will use in its next request. Finally, working.cfm is loaded a second time as a final test and here we stop. The browser CFID cookie is ignored on the second working.cfm load, but, in this case, there is no URL to save the day and the server increments the CFID in its next response. Again, this all works fine in Internet Explorer. I have used a header display utility for Internet Explorer and you can see that once CF Server receives a CFID-laden cookie request header, it never issues a Set-Cookie header after that (unless a CFID is received in an form's action URL, whereupon CF Server WILL ignore the request header and issue a new set-cookie command with the value from the action URL.) Now, there is one other relevant piece of information. HTTPClient allows the cookie compatibility mode to be set to one of three values. Webtest's code, however, exerts control over this option and CURRENTLY always forces the setting to 'compatibility'. This prevents me from trying the other two modes by setting a system property. This has been changed recently, but not committed in Webtest, so I am still waiting to try this. I do not know what kind of cookie CF Server might prefer and I also don't know whether these modes matter much more to the client than the server. HTTPClient seems to understand CF Server's Set-Cookie response headers very well; it is CF Server that doesn't seem to recognize HTTPClient's Cookie: request header. Sorry to be so long-winded, but there's a lot of information to cover here to describe this problem adequately. If I'm lucky, I may even get in below this list's maximum message length ;)... Anyone have any ideas? Jerry [testSpec] DEBUG (httpclient.wire.header) - >> "GET /personal/pgh009/_TESTING/center/templates/working.cfm HTTP/1.1[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Host: test.allied.nwie.net[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "HTTP/1.1 200 OK[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Server: Microsoft-IIS/5.0[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Date: Wed, 15 Dec 2004 20:16:16 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Pragma: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Cache-Control: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Expires: Monday, 01 Jan 1980 15:20 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Connection: close[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Content-type: text/html[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Page-Completion-Status: Normal[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Page-Completion-Status: Normal[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Set-Cookie: CFID=118341; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Set-Cookie: CFTOKEN=4d7a427%2D31a7af1b%2D5d61%2D415a%2D9bcc%2D75a5aa5aee29; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "POST /personal/pgh009/_TESTING/center/templates/security_router.cfm?CFID=118315&CFTOKEN=5183111-9%20fcc7411-1b5e-40b9-a49a-10fb201ee036 HTTP/1.1[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Host: test.allied.nwie.net[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Cookie: CFID=118341[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Cookie: CFTOKEN=4d7a427%2D31a7af1b%2D5d61%2D415a%2D9bcc%2D75a5aa5aee29[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Content-Length: 41[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Content-Type: application/x-www-form-urlencoded[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "HTTP/1.1 100 Continue[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Server: Microsoft-IIS/5.0[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Date: Wed, 15 Dec 2004 20:16:17 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Pragma: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Cache-Control: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Expires: Monday, 01 Jan 1980 15:20 GMT[\r][\n]" [testSpec] INFO (org.apache.commons.httpclient.HttpMethodBase) - Discarding unexpected response: HTTP/1.1 100 Continue [testSpec] DEBUG (httpclient.wire.header) - << "HTTP/1.1 200 OK[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Server: Microsoft-IIS/5.0[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Date: Wed, 15 Dec 2004 20:16:17 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Pragma: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Cache-Control: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Expires: Monday, 01 Jan 1980 15:20 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Connection: close[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Content-type: text/html[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Page-Completion-Status: Normal[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Page-Completion-Status: Normal[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Set-Cookie: CFID=118315; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Set-Cookie: CFTOKEN=5183111%2D9+fcc7411%2D1b5e%2D40b9%2Da49a%2D10fb201ee036; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "GET /personal/pgh009/_TESTING/center/templates/working.cfm HTTP/1.1[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Host: test.allied.nwie.net[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Cookie: CFID=118315[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "Cookie: CFTOKEN=5183111%2D9+fcc7411%2D1b5e%2D40b9%2Da49a%2D10fb201ee036[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - >> "[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "HTTP/1.1 200 OK[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Server: Microsoft-IIS/5.0[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Date: Wed, 15 Dec 2004 20:16:17 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Pragma: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Cache-Control: no-cache[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Expires: Monday, 01 Jan 1980 15:20 GMT[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Connection: close[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Content-type: text/html[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Page-Completion-Status: Normal[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Page-Completion-Status: Normal[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Set-Cookie: CFID=118342; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;[\r][\n]" [testSpec] DEBUG (httpclient.wire.header) - << "Set-Cookie: CFTOKEN=412e9be%2Dc509b492%2D7529%2D4db7%2Dbd83%2Dae2255f976ee; expires=Sun, 27-Sep-2037 00:00:00 GMT; path=/;[\r][\n]" --=_alternative 005F110286256F71_=--