hc-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 39241] New: - HTTP cookie is rejected for hosts like "systinet.com"
Date Fri, 07 Apr 2006 16:16:24 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39241>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39241

           Summary: HTTP cookie is rejected for hosts like "systinet.com"
           Product: HttpClient
           Version: 3.0.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HttpCookie
        AssignedTo: httpclient-dev@jakarta.apache.org
        ReportedBy: ales@systinet.com


An HTTP GET request to the host "systinet.com" (not "www.systinet.com") returns
the following response:

HTTP/1.1 200 OK
Set-Cookie: idx=b7e507c09e9d217ffd33a0c5e08651f4; path=/; domain=.systinet.com
...

so the domain is ".systinet.com" and the host is "systinet.com". Such a cookie is
rejected by the HTTP client:

13:41:19,488 WARN  [HttpMethodBase] Cookie rejected: "$Version=0;
idx=d10e7066cac7572c38c2983dc8440e83; $Domain=.systinet.com; $Path=/". Illegal
domain attribute ".systinet.com". Domain of origin: "systinet.com"

I looked at the HTTP client sources and it seems that
org.apache.commons.httpclient.cookie.CookieSpecBase#validate is written
correctly (see "if (s.startsWith("."))"):

    // domain must match host
    if (!host.endsWith(cookie.getDomain())) {
        String s = cookie.getDomain();
        if (s.startsWith(".")) {
            s = s.substring(1, s.length());
        }
        if (!host.equals(s)) { 
            throw new MalformedCookieException(
                "Illegal domain attribute \"" + cookie.getDomain() 
                + "\". Domain of origin: \"" + host + "\"");
        }
    }

but a few steps later, similar code in
org.apache.commons.httpclient.cookie.RFC2109Spec#validate is probably wrong:

    if (!host.endsWith(cookie.getDomain())) {
        throw new MalformedCookieException(
               "Illegal domain attribute \"" + cookie.getDomain() 
               + "\". Domain of origin: \"" + host + "\"");
    }

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
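
Added example, not part of the original report and not HttpClient code: the plain suffix test quoted from RFC2109Spec#validate next to a relaxed check modelled on the CookieSpecBase excerpt, run over the reported host and a few constructed ones. The class name, method names and the extra hosts are assumptions made for illustration.

```java
import java.util.Locale;

public class CookieDomainCheck {

    // Same comparison as the RFC2109Spec#validate excerpt: a plain suffix test.
    static boolean strictSuffixMatch(String host, String domain) {
        return host.endsWith(domain);
    }

    // Hypothetical relaxed check modelled on the CookieSpecBase excerpt.
    // Assumption added here: a domain without a leading dot must equal the
    // host exactly, so the suffix test always compares against a label boundary.
    static boolean relaxedMatch(String host, String domain) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = domain.toLowerCase(Locale.ROOT);
        if (!d.startsWith(".")) {
            return h.equals(d);
        }
        // Leading dot: accept any subdomain, or the host that equals the
        // domain with the dot removed (the case from the report).
        return h.endsWith(d) || h.equals(d.substring(1));
    }

    public static void main(String[] args) {
        String domain = ".systinet.com"; // Domain attribute from the report
        // Constructed hosts: the reported one, a subdomain, and two that
        // must be rejected by both checks.
        String[] hosts = {
            "systinet.com", "www.systinet.com", "example.org", "notsystinet.com"
        };
        for (String host : hosts) {
            System.out.printf("%-18s strict=%-5b relaxed=%b%n",
                    host, strictSuffixMatch(host, domain), relaxedMatch(host, domain));
        }
    }
}
```

Only the first host differs between the two checks: the strict suffix test rejects "systinet.com" for ".systinet.com", which is the rejection logged in the report, while unrelated hosts are still refused by both.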

