hc-dev mailing list archives

From "Hoef, Jan" <Jan.H...@cycos.com>
Subject RE: cookie processing
Date Mon, 20 Feb 2006 16:32:23 GMT
Hi Oleg,

I had a wrong statement in my first mail; the value of the second cookie
was quoted:
cadata="1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsuP+E2OfwYC4rWCMgGe".

I tested it on httpclient 2 and 3.
Only the netscape draft spec of httpclient 3 parsed the sessionid cookie
into 1 cookie; all the others made 2 cookies from it.

Jan 

Testcase httpclient3:


package org.apache.commons.httpclient.cookie;

import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.cookie.CookieSpec;

import junit.framework.TestCase;

public class TestWrongCookie extends TestCase {

    // RFC 2109 parsing: the unquoted comma in sessionid splits it into 2 cookies.
    public void testParseRFC2109() throws Exception {

        CookieSpec parser = new RFC2109Spec();
        String setCookie1 =
            "sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/";
        // The cadata value is quoted, so its comma stays inside one cookie.
        String setCookie2 =
            "cadata=\"1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QU"
            + "HsuP+E2OfwYC4rWCMgGe\"; HttpOnly; secure; path=/";
        Cookie[] parsed1 =
            parser.parse("127.0.0.1", 80, "/", true, setCookie1);
        Cookie[] parsed2 =
            parser.parse("127.0.0.1", 80, "/", true, setCookie2);
        assertEquals(2, parsed1.length);
        assertEquals(1, parsed2.length);
    }

    // Netscape draft parsing: each header yields exactly 1 cookie.
    public void testParseNetscape() throws Exception {

        CookieSpec parser = new NetscapeDraftSpec();
        String setCookie1 =
            "sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/";
        String setCookie2 =
            "cadata=\"1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QU"
            + "HsuP+E2OfwYC4rWCMgGe\"; HttpOnly; secure; path=/";
        Cookie[] parsed1 =
            parser.parse("127.0.0.1", 80, "/", true, setCookie1);
        Cookie[] parsed2 =
            parser.parse("127.0.0.1", 80, "/", true, setCookie2);
        assertEquals(1, parsed1.length);
        assertEquals(1, parsed2.length);
    }
}

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: Monday 20 February 2006 15:54
To: HttpClient Project
Subject: RE: cookie processing

On Mon, 2006-02-20 at 15:46 +0100, Hoef, Jan wrote:
> Thanks for your explanation. I'll try out the Netscape cookie draft spec.
> However the httpclient code generates only 3 cookies out of it, not 4.
> 
> Jan
> 

Jan,
I have not touched the HttpClient 2.x code for almost 6 months now, so I
may well be wrong about it, but I do see that both cookies violate the
HTTP spec. Try hitting the site with HttpClient 3.0 and see if that
makes any difference

Oleg 


> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sent: Monday 20 February 2006 15:36
> To: HttpClient Project
> Subject: Re: cookie processing
> 
> On Mon, 2006-02-20 at 14:34 +0100, Hoef, Jan wrote:
> > Hi,
> >  
> > I am working with the jakarta project slide that uses the
> > commons-httpclient-2.0.2. 
> > I have written a client that sends requests via webdav to the microsoft
> > exchange server 2003.
> > In the exchange server form based authentication is active. 
> > When I enter my logon credentials in my post request, the server
> > responds containing 2 cookies that are needed in all next requests.
> > These cookies are, e.g.:
> > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/
> > - cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsuP+E2OfwYC4rWCMgGe; HttpOnly; secure; path=/
> >  
> > However at parsing the cookies, 3 cookies are recognized, i.e.:
> > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828
> > - 0x409
> > - cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsuP+E2OfwYC4rWCMgGe
> >  
> > The 0x409 part should not be a cookie but should be a part of the
> > sessionid cookie!!!
> >  
> 
> No, this is wrong. The cookie sessionid clearly violates the HTTP spec
> and the Cookie and Cookie2 specs. Please report this bug to the software
> manufacturer.
> 
> Actually you should be getting 4 cookies in total, as the cadata cookie
> is invalid as well.
> 
> HttpClient 3.0 provides the Netscape Draft cookie spec which may work
> with these cookies. Netscape Cookie Draft is the only spec that permits
> the use of special separator characters, such as comma, in cookie values
> that are not enclosed in quotes
> 
> Hope this explains the situation
> 
> Oleg  
> 
> 
> > The ideal solution would be to correct this in the cookie parser.
> > Because I am no expert in cookies and httpclient, I changed the
> > httpstate class in such a way that I can manipulate the cookies. See
> > patch below.
> >  
> > Jan
> >  
> > 
> > 
> > [patch]
> > Index:
> >
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava
> > ===================================================================
> > ---
> >
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava	(revision 379076)
> > +++
> >
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava	(working copy)
> > @@ -1,7 +1,7 @@
> >  /*
> >   * $Header:
> >
>
/home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commo
> >
ns//httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v
> > 1.22.2.3 2003/10/29 03:08:49 mbecke Exp $
> >   * $Revision: 1.22.2.3 $
> > - * $Date: 2003/10/29 03:08:49 $
> > + * $Date$
> >   *
> >   *
> ====================================================================
> >   *
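Review bot: The $Date: 2003/10/29 03:08:49 $ to $Date$ change in the file header is keyword-expansion noise from the working copy and has nothing to do with cookie handling. Drop it from the patch (the same goes for the @version line in the next hunk) so the diff carries only the HttpState behaviour change.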
> > @@ -96,7 +96,7 @@
> >   * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike
> > Bowler</a>
> >   * @author <a href="mailto:adrian@intencha.com">Adrian Sutton</a>
> >   * 
> > - * @version $Revision: 1.22.2.3 $ $Date: 2003/10/29 03:08:49 $
> > + * @version $Revision: 1.22.2.3 $ $Date$
> >   * 
> >   */
> >  public class HttpState {
> > @@ -199,6 +199,7 @@
> >      public synchronized void addCookie(Cookie cookie) {
> >          LOG.trace("enter HttpState.addCookie(Cookie)");
> >  
> > +        int i = 0;
> >          if (cookie != null) {
> >              // first remove any old cookie that is equivalent
> >              for (Iterator it = cookies.iterator(); it.hasNext();) {
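Review bot: The new counter "int i = 0;" is declared ahead of the "if (cookie != null)" check although it only has meaning inside it, and its name does not say that it tracks the list position of the cookie being replaced. Declare it inside the null check under a descriptive name such as position, so that the later cookies.add(i,cookie) call can be read without tracing the loop.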
> > @@ -207,13 +208,37 @@
> >                      it.remove();
> >                      break;
> >                  }
> > +                i++;
> >              }
> >              if (!cookie.isExpired()) {
> > -                cookies.add(cookie);
> > +		    if (i==0)
> > +		    	   cookies.add(cookie);
> > +		    else	
> > +                	   cookies.add(i,cookie);
> >              }
> >          }
> >      }
> > +    /**
> > +     * Remove an {@link Cookie HTTP cookie}, any existing
equivalent
> > cookies.
> > +     * 
> > +     * @param cookie the {@link Cookie cookie} to be removed
> > +     * 
> > +     */
> > +    public synchronized void removeCookie(Cookie cookie) {
> > +        LOG.trace("enter HttpState.removeCookie(Cookie)");
> >  
> > +        if (cookie != null) {
> > +            // first remove any old cookie that is equivalent
> > +            for (Iterator it = cookies.iterator(); it.hasNext();) {
> > +                Cookie tmp = (Cookie) it.next();
> > +                if (cookie.equals(tmp)) {
> > +                    it.remove();
> > +                    break;
> > +                }
> > +            }
> > +        }
> > +    }
> > +
> >      /**
> >       * Adds an array of {@link Cookie HTTP cookies}. Cookies are
> added
> > individually and 
> >       * in the given array order. If any of the given cookies has
> > already expired it will 
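Review bot: The "if (i==0)" branch in addCookie appends with cookies.add(cookie), so when the equivalent cookie that was just removed sat at index 0 of a list that still holds other cookies, the replacement goes to the end instead of back to position 0, while every other position is preserved by cookies.add(i,cookie). Because i equals the list size when no equivalent cookie is found (and 0 for an empty list), a single cookies.add(i, cookie) covers every case and the special case can be removed. The added lines are also indented with tabs where the surrounding code uses spaces. In removeCookie, the Javadoc sentence "Remove an HTTP cookie, any existing equivalent cookies" does not parse, and the "first remove any old cookie that is equivalent" comment is carried over from addCookie; reword both to state that the first equal cookie is removed.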
> > 
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
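The parsing disagreement discussed in this thread, as an added example that is not part of the original messages and is not HttpClient's parser code: splitRfc2109 treats a comma outside a quoted string as a cookie separator, while splitNetscape treats the whole header as one cookie. The class and method names and the EXAMPLEVALUE cookie value are constructed for illustration; backslash escapes inside quoted strings are not handled.

```java
import java.util.ArrayList;
import java.util.List;

public class CookieCommaSplit {
    // RFC 2109 style: a comma outside a quoted string separates cookies.
    static List<String> splitRfc2109(String header) {
        List<String> cookies = new ArrayList<>();
        StringBuilder current = new StringBuilder();
        boolean inQuotes = false;
        for (char c : header.toCharArray()) {
            if (c == '"') { inQuotes = !inQuotes; }
            if (c == ',' && !inQuotes) {
                cookies.add(current.toString().trim());
                current.setLength(0);
            } else {
                current.append(c);
            }
        }
        cookies.add(current.toString().trim());
        return cookies;
    }

    // Netscape draft style: one header is one cookie; commas are value data.
    static List<String> splitNetscape(String header) {
        return List.of(header.trim());
    }

    // name=value is everything before the first ';' (attributes follow it).
    static String nameValue(String cookie) {
        int semi = cookie.indexOf(';');
        return (semi < 0 ? cookie : cookie.substring(0, semi)).trim();
    }

    public static void main(String[] args) {
        String[] headers = {
            "sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/", // from the thread
            "cadata=1,EXAMPLEVALUE; HttpOnly; secure; path=/",     // constructed, unquoted
            "cadata=\"1,EXAMPLEVALUE\"; HttpOnly; secure; path=/"  // constructed, quoted
        };
        for (String h : headers) {
            List<String> strict = splitRfc2109(h);
            System.out.println("netscape: [" + nameValue(splitNetscape(h).get(0)) + "]");
            for (String c : strict) System.out.println("rfc2109:  [" + nameValue(c) + "]");
            // More than one fragment means the two policies disagree on the cookie value.
            System.out.println("policies disagree: " + (strict.size() != 1));
        }
    }
}
```

A client that must talk to a server emitting such headers can run a check like this over captured Set-Cookie values to see which cookies depend on the chosen cookie policy before a truncated session identifier is sent back.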

