hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: bug report: invalid cookie format detected for IIS
Date Sun, 09 Jan 2011 11:38:44 GMT
On Sat, 2011-01-08 at 08:34 +0100, Magnus Leuthner wrote:
> Hello developers,
> 
> I've tried to use httpclient 3.x and 4.x with www.hotelextranet.com and from
> what I observe it always seems to get the cookie format wrong. 

The cookie is question violates the HTTP state management specification

> The cookies
> end up garbled unless I specifically set the "NETSCAPE" standard. The
> "BESTFIT" of 4.x doesn't seem to be the best fit for this IIS6 server. The
> headers are (anonymized):
> 
> Connection: close
> Date: Sat, 08 Jan 2011 07:28:19 GMT
> Server: Microsoft-IIS/6.0
> Content-Type: text/html; charset=utf-8
> Client-Date: Sat, 08 Jan 2011 07:28:19 GMT
> Client-Peer: X.X.X.X:443
> Client-Response-Num: 1
> Client-SSL-Cert-Issuer: /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
> Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
> Client-SSL-Cert-Subject:
> /C=US/postalCode=98005/ST=Washington/L=Bellevue/street=3150 139th Avenue
> SE/O=Expedia Inc./OU=Ecommerce Ops/OU=Issued through Expedia Inc. E-PKI
> Manager/OU=Comodo PremiumSSL/CN=hotelextranet.com
> Client-SSL-Cipher: RC4-MD5
> Client-SSL-Warning: Peer certificate not verified
> P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA
> PSD DELi OUR COM NAV PHY ONL PUR UNI"
> Set-Cookie:
> user=v.8,0,XXXXXXXXXXXXX$XXX$XXXXXXX$D46!G0.!5010$1C!70.$EFj$9D$2E$FBl$B9!4$FF!e02000;
> Domain=.hotelextranet.com; path=/
> Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2015 23:59:59 GMT;
> Domain=.hotelextranet.com; path=/
> Set-Cookie: MC1=GUID=XXXXXXXXXXXXXXXXXXXXX; expires=Sunday, 31-Dec-2015
> 23:59:59 GMT; Domain=.hotelextranet.com; path=/
> Set-Cookie:
> NSC_ipufmfyusbofu.dpn-443-mc=XXXXXXXXXXXXXXXXXXXXXXXXXXX;expires=Sat,
> 08-Jan-2011 07:38:19 GMT;path=/;secure
> 
> 
> Without the NETSCAPE cookie format the first comma in the "user" cookie is
> seen as a delimiter and the next cookie begins (name in example:
> XXXXXXXXXXXXX$XXX...), which is not how it should work.

You are wrong. Please refer to the HTTP state management spec for
details.

Oleg



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message