hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Magnus Leuthner <magnus.leuth...@googlemail.com>
Subject bug report: invalid cookie format detected for IIS
Date Sat, 08 Jan 2011 07:34:48 GMT
Hello developers,

I've tried to use httpclient 3.x and 4.x with www.hotelextranet.com and from
what I observe it always seems to get the cookie format wrong. The cookies
end up garbled unless I specifically set the "NETSCAPE" standard. The
"BESTFIT" of 4.x doesn't seem to be the best fit for this IIS6 server. The
headers are (anonymized):

Connection: close
Date: Sat, 08 Jan 2011 07:28:19 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html; charset=utf-8
Client-Date: Sat, 08 Jan 2011 07:28:19 GMT
Client-Peer: X.X.X.X:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
Client-SSL-Cert-Subject:
/C=US/postalCode=98005/ST=Washington/L=Bellevue/street=3150 139th Avenue
SE/O=Expedia Inc./OU=Ecommerce Ops/OU=Issued through Expedia Inc. E-PKI
Manager/OU=Comodo PremiumSSL/CN=hotelextranet.com
Client-SSL-Cipher: RC4-MD5
Client-SSL-Warning: Peer certificate not verified
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA
PSD DELi OUR COM NAV PHY ONL PUR UNI"
Set-Cookie:
user=v.8,0,XXXXXXXXXXXXX$XXX$XXXXXXX$D46!G0.!5010$1C!70.$EFj$9D$2E$FBl$B9!4$FF!e02000;
Domain=.hotelextranet.com; path=/
Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2015 23:59:59 GMT;
Domain=.hotelextranet.com; path=/
Set-Cookie: MC1=GUID=XXXXXXXXXXXXXXXXXXXXX; expires=Sunday, 31-Dec-2015
23:59:59 GMT; Domain=.hotelextranet.com; path=/
Set-Cookie:
NSC_ipufmfyusbofu.dpn-443-mc=XXXXXXXXXXXXXXXXXXXXXXXXXXX;expires=Sat,
08-Jan-2011 07:38:19 GMT;path=/;secure


Without the NETSCAPE cookie format the first comma in the "user" cookie is
seen as a delimiter and the next cookie begins (name in example:
XXXXXXXXXXXXX$XXX...), which is not how it should work. Firefox gets this
right, but Arora doesn't (I suspect because of the cookie format, but I've
not investigated further). I'm not familiar with the inner workings of
httpclient but I suspect one possible solution could be to use the Server:
header to determine IIS machines of this kind and use the NETSCAPE cookie
format then?

Kind regards
Magnus

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message