Return-Path: Delivered-To: apmail-hc-dev-archive@www.apache.org Received: (qmail 36410 invoked from network); 26 Oct 2008 14:50:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 26 Oct 2008 14:50:16 -0000 Received: (qmail 52155 invoked by uid 500); 26 Oct 2008 14:50:20 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 52127 invoked by uid 500); 26 Oct 2008 14:50:19 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 52116 invoked by uid 99); 26 Oct 2008 14:50:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 26 Oct 2008 07:50:19 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sebbaz@gmail.com designates 74.125.44.152 as permitted sender) Received: from [74.125.44.152] (HELO yx-out-1718.google.com) (74.125.44.152) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 26 Oct 2008 14:49:08 +0000 Received: by yx-out-1718.google.com with SMTP id 6so442851yxn.88 for ; Sun, 26 Oct 2008 07:49:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=RLKRfZ0Jh7HiFVdnz6p04ONWoNY9n1i1cn0J4w1SRfU=; b=mNcpPMFsu32gEuXS2CmzWuIvI0GTrNbEhM4hX3nxdlaLFH/gChcon1i04xLwSweO+t LZQewPAqBTz9xmOULrTKHvIjA1jmIGztZZ16g2JCV0sVPbN4GuT60UBDjQr9O0OclXcf +SWcXU1Lhdp3OJT70Dk1T7hcn6llsDRJthEaw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=YUlLE6FSHT0Gq3KgxKX7POJ6HjXr3OHrhfqe292qJj0KxxXhftq+BCutcVuataxsCE ZMDBpENqXgCtqFbvRs3qVROvaxdZHRaUAoCwE5/isMYUDX69NX6s3SdYZU/vRK6mKlLm zSh0QPEx0bT3kP4z5GVyfv79UB8zcf0xDthiY= Received: by 10.86.100.19 with SMTP id x19mr2253401fgb.40.1225032576216; Sun, 26 Oct 2008 07:49:36 -0700 (PDT) Received: by 10.86.1.2 with HTTP; Sun, 26 Oct 2008 07:49:36 -0700 (PDT) Message-ID: <25aac9fc0810260749nf019ee5qd43ab135c0d75d55@mail.gmail.com> Date: Sun, 26 Oct 2008 15:49:36 +0100 From: sebb To: "HttpComponents Project" Subject: Re: BestMatchSpec - why does it not choose RFC2109? In-Reply-To: <1225028136.15262.2.camel@ubuntu> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <25aac9fc0810251555o1209f547j78d263a385f2004@mail.gmail.com> <1225017462.11216.11.camel@ubuntu> <1225023302.14954.2.camel@ubuntu> <25aac9fc0810260622l609411abhd8a3155aac43a80e@mail.gmail.com> <1225028136.15262.2.camel@ubuntu> X-Virus-Checked: Checked by ClamAV on apache.org On 26/10/2008, Oleg Kalnichevski wrote: > On Sun, 2008-10-26 at 14:22 +0100, sebb wrote: > > On 26/10/2008, Oleg Kalnichevski wrote: > > > On Sun, 2008-10-26 at 11:37 +0100, Oleg Kalnichevski wrote: > > > > On Sat, 2008-10-25 at 23:55 +0100, sebb wrote: > > > > > > > > > Sebastian, > > > > > > You were right. It seems the easiest and cleanest fix would be the make > > > best-match cookie spec pick up RFC2109 spec for cookies generated from > > > 'Set-Cookie' headers. > > > > > > > Agreed, and always use RFC2965 for Set-Cookie2 headers. > > > > The Set-Cookie header did not have a domain, so there may also be a > > problem with the RFC2965 handling of a missing domain (it is optional, > > just checked). > > > > The extracted cookie was set up with the domain "localhost", which of > > course does not have the ".local" part attached. Same thing happened > > when I used the actual local name for the host. Seems to me that > > RFC2965 should add the ".local" suffix if necessary when generating > > the missing domain. > > > > > This sounds odd, because that is what it does. I could not reproduce the > problem with a test case. Would you be able to put together a junit to > reproduce the issue? > I'll have a go later. What I used was the Tomcat Cookie Example running locally combined with a modified ClientFormLogin example from HC SVN, but that's overkill for a test case. Examples that failed are as follows: Set-Cookie: special="abcd=efgh"; Version=1 Set-Cookie: special="abcd efgh"; Version=1 Ones that worked OK are: Set-Cookie: special=abcdefgh <"abcd efgh"> Set-Cookie: special="abcd efgh" It's the ones that have a "Version" attribute that fail for me. Note: the <> above are used to enclose the "cookievalue" parameter I used in the CookieExample form. > Oleg > > > > > > > > > > > > > Oleg > > > > > > > > > > > > > Hi Sebastian, > > > > > > > > Formally speaking RFC2965 superseded RFC2109 and rendered it obsolete. > > > > However, RFC2965, probably, _should_ be backward compatible > > > > > > > > > I've been doing some testing with HttpClient 4.0 beta1, and it is > > > > > rejecting cookies of the form: > > > > > > > > > > Set-Cookie: special="abcd efgh"; Version=1 > > > > > > > > > > > > > This cookie seems to work for me. One with an explicit domain attribute > > > > does not: > > > > > > > > Set-Cookie: special="abcd efgh"; domain="localhost"; Version=1 > > > > > > > > > > > > > when tested against a server on localhost, the error message is: > > > > > > > > > > Illegal domain attribute: "localhost".Domain of origin: "localhost.local" > > > > > > > > > > This appears to be coming from the RFC2965Spec validation which is > > > > > chosen by the BestMatchSpec class. > > > > > > > > > > Surely only Set-Cookie2: headers should be required to pass the > > > > > RFC2965 validation? > > > > > > > > > > > > > Probably you are right, but I would like to revisit the spec to be 100% > > > > sure. > > > > > > > > > It looks like the BestMatchSpec class does not allow for using > > > > > RFC2109, which I would expect to be used here. > > > > > > > > > > > > > We could make this configurable. Would that make sense for you? > > > > > > > > Oleg > > > > > > > > > > > > > I can get round the problem by using an IP address instead of a > > > > > un-dotted host name, but it seems to me that the wrong Cookie spec > > > > > class is being chosen here. > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > > > > > For additional commands, e-mail: dev-help@hc.apache.org > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > > > > For additional commands, e-mail: dev-help@hc.apache.org > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > > > For additional commands, e-mail: dev-help@hc.apache.org > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > > For additional commands, e-mail: dev-help@hc.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > For additional commands, e-mail: dev-help@hc.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org