hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Brochoire (JIRA)" <j...@apache.org>
Subject [jira] Created: (HTTPCLIENT-661) Error with quoted cookie value
Date Wed, 27 Jun 2007 20:03:26 GMT
Error with quoted cookie value

                 Key: HTTPCLIENT-661
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-661
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 3.1 RC1, 3.0.1, 3.0 Final
         Environment: Mac OSX 10.4.9
Java 1.5
            Reporter: David Brochoire

If a web server sends this http header (for example, after an authentication) :
  Set-Cookie: cookie-name="quoted-cookie-value-authent-ok";Path=/; secure

In the parsing of cookies, when HttpClient detects a quoted cookie, it strip the
first and the last quote '"', so it stores the value :

When you go on the next page after the authenticate page, with the policy
BROWSER_COMPATIBILITY and all others, HttpClient sends this http header :
  Cookie: cookie-name=quoted-cookie-value-authent-ok

But the server expects to receive the value :
  Cookie: cookie-name="quoted-cookie-value-authent-ok"

and it rejects the client because it doesn't recognize the authenticated cookie.

The server doesn't work correctly because quotation marks in cookie attributes
are optional as long as those attribute values contain no reserved characters,
but I don't have control above and if I do the same test with firefox, it stores
the cookie value with quotes '"'.

So, in the case of the policy BROWSER_COMPATIBILITY it would be better to don't
strip away quotes (like firefox).

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org

View raw message