hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1546) Cookie values can end up being double quoted
Date Wed, 20 Aug 2014 07:56:26 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14103583#comment-14103583

Oleg Kalnichevski commented on HTTPCLIENT-1546:

Are you sure you have used the latest snapshot?

The following unit test passes for me

public void testVersion1CookieWithInvalidExpires2() throws Exception {
    final CookieSpec cookiespec = new BrowserCompatSpec();
    final CookieOrigin origin = new CookieOrigin("myhost.mydomain.com", 80, "/", false);

    final Header origHeader = new BasicHeader("Set-Cookie",
" +
                    "Version=1; Expires=Wed, 20-Aug-2014 07:36:11 GMT; HttpOnly");
    final List<Cookie> cookies = cookiespec.parse(origHeader, origin);
    Assert.assertEquals(1, cookies.size());

    final List<Header> headers = cookiespec.formatCookies(cookies);
    Assert.assertEquals(1, headers.size());
    final Header header1 = headers.get(0);


> Cookie values can end up being double quoted
> --------------------------------------------
>                 Key: HTTPCLIENT-1546
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1546
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCookie
>            Reporter: Gregory Chanan
>             Fix For: 4.3.6, 4.4 Alpha2
> I mentioned this issue on the mailing list and Oleg asked me to file a JIRA.
> I have a cookie like this:
> hadoop.auth="someValue"; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT; HttpOnly
> Because it has an "Expires" attribute, httpclient treats it as a netscape cookie.  But,
when it is sent back to the server, it's sent double-quoted:
> hadoop.auth=""someValue""; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT; HttpOnly
> which causes the server to see the hadoop.auth value as "".
> So, it seems like httpclient is being inconsistent in how it treats the version; it first
assumes version 0, but then treats it as version 1 and assumes it can add quotes.  Even though
the cookie is not a valid Version=1 Cookie, ideally httpclient would not double quote the
> NOTE: I tested this on httpclient 4.2.5, but that's not a choice for "Affects Version"

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message