hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hoef, Jan" <Jan.H...@cycos.com>
Subject RE: cookie processing
Date Mon, 20 Feb 2006 14:46:06 GMT
Thanx for your explanation. I'll try out the Netscape cookie draft spec.
However the httpclient code generates only 3 cookies out of it, not 4.

Jan

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: maandag 20 februari 2006 15:36
To: HttpClient Project
Subject: Re: cookie processing

On Mon, 2006-02-20 at 14:34 +0100, Hoef, Jan wrote:
> Hi,
>  
> I am working with the jakarta project slide that uses the
> commons-httpclient-2.0.2. 
> I have written a client that sends requests via webdav  to the
microsoft
> exchange server 2003.
> In the exchange server form based authentication is active. 
> Wenn I enter my logon credentials in my post request, the server
> responds containing 2 cookies that are needed in all next request.
> These cookies are, e.g.:
> - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/
> -
>
cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu
> P+E2OfwYC4rWCMgGe; HttpOnly; secure; path=/
>  
> However at parsing the cookies, 3 cookies are recognized, i.e.:
> - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828
> - 0x409
> -
>
cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu
> P+E2OfwYC4rWCMgGe
>  
> The 0x409 part should not be a cookie but should be a part of the
> sessionid cookie!!!
>  

No, this is wrong. The cookie sessionid clearly violates the HTTP spec
and the Cookie and Cookie2 specs. Please report this bug to the software
manufacturer.

Actually you should be getting 4 cookies in total, as the cadata cookie
is invalid as well.

HttpClient 3.0 provides the Netscape Draft cookie spec which may work
with these cookies. Netscape Cookie Draft is the only spec that permits
the use of special separator characters, such as comma, in cookie values
that are not enclosed in quotes

Hope this explains the situation

Oleg  


> The ideal solution would be to correct this in the cookie parser.
> Because I am no expert in cookies and httpclient, Ii changed the
> httpstate class in such a  way that I can manipulate the cookies. See
> path below.
>  
> Jan
>  
> 
> 
> [patch]
> Index:
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> ava
> ===================================================================
> ---
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> ava	(revision 379076)
> +++
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> ava	(working copy)
> @@ -1,7 +1,7 @@
>  /*
>   * $Header:
>
/home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commo
> ns//httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v
> 1.22.2.3 2003/10/29 03:08:49 mbecke Exp $
>   * $Revision: 1.22.2.3 $
> - * $Date: 2003/10/29 03:08:49 $
> + * $Date$
>   *
>   *
====================================================================
>   *
> @@ -96,7 +96,7 @@
>   * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike
> Bowler</a>
>   * @author <a href="mailto:adrian@intencha.com">Adrian Sutton</a>
>   * 
> - * @version $Revision: 1.22.2.3 $ $Date: 2003/10/29 03:08:49 $
> + * @version $Revision: 1.22.2.3 $ $Date$
>   * 
>   */
>  public class HttpState {
> @@ -199,6 +199,7 @@
>      public synchronized void addCookie(Cookie cookie) {
>          LOG.trace("enter HttpState.addCookie(Cookie)");
>  
> +        int i = 0;
>          if (cookie != null) {
>              // first remove any old cookie that is equivalent
>              for (Iterator it = cookies.iterator(); it.hasNext();) {
> @@ -207,13 +208,37 @@
>                      it.remove();
>                      break;
>                  }
> +                i++;
>              }
>              if (!cookie.isExpired()) {
> -                cookies.add(cookie);
> +		    if (i==0)
> +		    	   cookies.add(cookie);
> +		    else	
> +                	   cookies.add(i,cookie);
>              }
>          }
>      }
> +    /**
> +     * Remove an {@link Cookie HTTP cookie}, any existing equivalent
> cookies.
> +     * 
> +     * @param cookie the {@link Cookie cookie} to be removed
> +     * 
> +     */
> +    public synchronized void removeCookie(Cookie cookie) {
> +        LOG.trace("enter HttpState.removeCookie(Cookie)");
>  
> +        if (cookie != null) {
> +            // first remove any old cookie that is equivalent
> +            for (Iterator it = cookies.iterator(); it.hasNext();) {
> +                Cookie tmp = (Cookie) it.next();
> +                if (cookie.equals(tmp)) {
> +                    it.remove();
> +                    break;
> +                }
> +            }
> +        }
> +    }
> +
>      /**
>       * Adds an array of {@link Cookie HTTP cookies}. Cookies are
added
> individually and 
>       * in the given array order. If any of the given cookies has
> already expired it will 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
httpclient-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message