hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject RE: cookie processing
Date Mon, 20 Feb 2006 14:54:22 GMT
On Mon, 2006-02-20 at 15:46 +0100, Hoef, Jan wrote:
> Thanks for your explanation. I'll try out the Netscape cookie draft spec.
> However the httpclient code generates only 3 cookies out of it, not 4.
> 
> Jan
> 

Jan,
I have not touched the HttpClient 2.x code for almost 6 months now, so I
may well be wrong about it, but I do see that both cookies violate the
HTTP spec. Try hitting the site with HttpClient 3.0 and see if that
makes any difference.

Oleg 


> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sent: maandag 20 februari 2006 15:36
> To: HttpClient Project
> Subject: Re: cookie processing
> 
> On Mon, 2006-02-20 at 14:34 +0100, Hoef, Jan wrote:
> > Hi,
> >  
> > I am working with the jakarta project slide that uses the
> > commons-httpclient-2.0.2. 
> > I have written a client that sends requests via webdav to the microsoft
> > exchange server 2003.
> > In the exchange server form based authentication is active. 
> > When I enter my logon credentials in my post request, the server
> > responds containing 2 cookies that are needed in all next requests.
> > These cookies are, e.g.:
> > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/
> > - cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsuP+E2OfwYC4rWCMgGe; HttpOnly; secure; path=/
> >  
> > However at parsing the cookies, 3 cookies are recognized, i.e.:
> > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828
> > - 0x409
> > - cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsuP+E2OfwYC4rWCMgGe
> >  
> > The 0x409 part should not be a cookie but should be a part of the
> > sessionid cookie!!!
> >  
> 
> No, this is wrong. The cookie sessionid clearly violates the HTTP spec
> and the Cookie and Cookie2 specs. Please report this bug to the software
> manufacturer.
> 
> Actually you should be getting 4 cookies in total, as the cadata cookie
> is invalid as well.
> 
> HttpClient 3.0 provides the Netscape Draft cookie spec which may work
> with these cookies. Netscape Cookie Draft is the only spec that permits
> the use of special separator characters, such as comma, in cookie values
> that are not enclosed in quotes.
> 
> Hope this explains the situation
> 
> Oleg  
> 
> 
> > The ideal solution would be to correct this in the cookie parser.
> > Because I am no expert in cookies and httpclient, I changed the
> > httpstate class in such a way that I can manipulate the cookies. See
> > patch below.
> >  
> > Jan
> >  
> > 
> > 
> > [patch]
> > Index:
> >
> D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava
> > ===================================================================
> > ---
> >
> D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava	(revision 379076)
> > +++
> >
> D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava	(working copy)
> > @@ -1,7 +1,7 @@
> >  /*
> >   * $Header:
> >
> /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commo
> > ns//httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v
> > 1.22.2.3 2003/10/29 03:08:49 mbecke Exp $
> >   * $Revision: 1.22.2.3 $
> > - * $Date: 2003/10/29 03:08:49 $
> > + * $Date$
> >   *
> >   *
> ====================================================================
> >   *
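Review bot: Drop the `$Date` keyword change in the file header from the patch. The switch from `$Date: 2003/10/29 03:08:49 $` to `$Date$` is a keyword-expansion difference in the working copy, unrelated to cookie handling, and it makes the functional change harder to review.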
> > @@ -96,7 +96,7 @@
> >   * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike
> > Bowler</a>
> >   * @author <a href="mailto:adrian@intencha.com">Adrian Sutton</a>
> >   * 
> > - * @version $Revision: 1.22.2.3 $ $Date: 2003/10/29 03:08:49 $
> > + * @version $Revision: 1.22.2.3 $ $Date$
> >   * 
> >   */
> >  public class HttpState {
> > @@ -199,6 +199,7 @@
> >      public synchronized void addCookie(Cookie cookie) {
> >          LOG.trace("enter HttpState.addCookie(Cookie)");
> >  
> > +        int i = 0;
> >          if (cookie != null) {
> >              // first remove any old cookie that is equivalent
> >              for (Iterator it = cookies.iterator(); it.hasNext();) {
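Review bot: The new `int i = 0;` ahead of `if (cookie != null)` gives no hint of its role. A descriptive name (for example `index`) with a short comment that it tracks the position of the equivalent cookie would document the intent, and it can be declared inside the `if` block next to the loop that uses it.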
> > @@ -207,13 +208,37 @@
> >                      it.remove();
> >                      break;
> >                  }
> > +                i++;
> >              }
> >              if (!cookie.isExpired()) {
> > -                cookies.add(cookie);
> > +		    if (i==0)
> > +		    	   cookies.add(cookie);
> > +		    else	
> > +                	   cookies.add(i,cookie);
> >              }
> >          }
> >      }
> > +    /**
> > +     * Remove an {@link Cookie HTTP cookie}, any existing equivalent
> > cookies.
> > +     * 
> > +     * @param cookie the {@link Cookie cookie} to be removed
> > +     * 
> > +     */
> > +    public synchronized void removeCookie(Cookie cookie) {
> > +        LOG.trace("enter HttpState.removeCookie(Cookie)");
> >  
> > +        if (cookie != null) {
> > +            // first remove any old cookie that is equivalent
> > +            for (Iterator it = cookies.iterator(); it.hasNext();) {
> > +                Cookie tmp = (Cookie) it.next();
> > +                if (cookie.equals(tmp)) {
> > +                    it.remove();
> > +                    break;
> > +                }
> > +            }
> > +        }
> > +    }
> > +
> >      /**
> >       * Adds an array of {@link Cookie HTTP cookies}. Cookies are
> added
> > individually and 
> >       * in the given array order. If any of the given cookies has
> > already expired it will 
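Review bot: The `if (i==0)` branch in `addCookie` appends with `cookies.add(cookie)` both when the list is empty and when the equivalent cookie was found at index 0, so a replaced first cookie moves to the end of the list while a replacement at any other index keeps its position. When no equivalent cookie is found, `i` equals the list size after the loop, so `cookies.add(i, cookie)` on its own covers every case and the special case can be removed. The added lines also mix tabs and spaces, and the Javadoc and inline comment of `removeCookie` ("any existing equivalent cookies", "first remove any old cookie that is equivalent") are carried over from `addCookie` and should describe removing a single matching cookie.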
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> 
> 




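Added example, not part of the thread and not HttpClient code: a minimal sketch of why an unquoted comma in a `Set-Cookie` value yields extra cookies under a comma-separated (RFC 2109-style) reading but not under the Netscape draft reading. The class and method names are hypothetical, and the header values are constructed in the shape of the ones quoted above.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; class and method names are hypothetical.
public class CookieSplitDemo {

    // RFC 2109-style reading: one Set-Cookie header may carry several
    // cookies separated by commas, so an unquoted comma starts a new cookie.
    static List<String> commaSeparated(String header) {
        List<String> cookies = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : header.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == ',' && !quoted) {
                cookies.add(nameValue(cur.toString()));
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        cookies.add(nameValue(cur.toString()));
        return cookies;
    }

    // Netscape-draft reading: one cookie per header; only ';' separates
    // the NAME=VALUE pair from its attributes, so commas stay in the value.
    static List<String> netscapeDraft(String header) {
        List<String> cookies = new ArrayList<>();
        cookies.add(nameValue(header));
        return cookies;
    }

    // Keep the leading NAME=VALUE element; drop path, secure, HttpOnly.
    static String nameValue(String element) {
        return element.split(";", 2)[0].trim();
    }

    public static void main(String[] args) {
        String[] headers = {   // constructed sample values
            "sessionid=11111111-2222-3333-4444-555555555555, 0x409; path=/",
            "cadata=1,AAAABBBBCCCC+DDDDEEEE; HttpOnly; secure; path=/"
        };
        for (String h : headers) {
            System.out.println("comma-separated: " + commaSeparated(h));
            System.out.println("netscape draft : " + netscapeDraft(h));
        }
    }
}
```

Under the comma-separated reading the two headers produce four elements in total, and the `path`, `secure` and `HttpOnly` attributes follow only the last fragment of each header; under the Netscape draft reading each header stays one cookie with its full value.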