hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Blum (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1640) Failed to parse cookie max-age attribute
Date Wed, 22 Apr 2015 17:02:59 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14507421#comment-14507421
] 

Scott Blum commented on HTTPCLIENT-1640:
----------------------------------------

It's not mentioned on this issue, but the fix for the issue actually fixes a really severe
bug in RFC6265CookieSpecBase.  Namely, mixed-cased cookie attributes were not being handled
properly.  For example, if the Set-Cookie header being parsed contained a "Path=/foo" attribute,
the path would not be respected at all.  This is because the attributeHandler lookup would
fail (it's keyed to "path").

> Failed to parse cookie max-age attribute 
> -----------------------------------------
>
>                 Key: HTTPCLIENT-1640
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1640
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCookie
>    Affects Versions: 4.4.1
>            Reporter: Ivan Shcheklein
>             Fix For: 4.5
>
>
> [Url to reproduce|http://bit.ly/1Oy8Eho] (need to follow redirects)
> Logs:
> {{2015:04:15 00:47:10,467 [WARN ] org.apache.http.client.protocol.ResponseProcessCookies
- Invalid cookie header: "Set-Cookie: sr=true; path=/; expires=Tue, 14 Apr 2015 21:36:16 GMT;
max-age=30;". Invalid 'expires' attribute: 30}}
> {{RFC6265CookieSpecBase}} tries to parse max-age value with {{LaxExpiresHandler}} that
expects value to be in a cookie-date format, as far I understand. Meanwhile [RFC6265 states|http://tools.ietf.org/html/rfc6265#page-20]:
> "... Append an attribute to the cookie-attribute-list with an attribute-name of Max-Age
and an attribute-value of expiry-time..."
> [It seems|http://tools.ietf.org/html/rfc6265#page-19] it should just ignore invalid expires
value anyway:
> "...If the attribute-value failed to parse as a cookie date, ignore the
>    cookie-av..."



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message