hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "praveen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1720) secure cookies are not being sent to host:443 requests!
Date Mon, 15 Feb 2016 17:13:18 GMT
praveen created HTTPCLIENT-1720:
-----------------------------------

             Summary: secure cookies are not being sent to host:443 requests!
                 Key: HTTPCLIENT-1720
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1720
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.5.1
            Reporter: praveen


Hello,

I observed the server is setting secure=true flag on 2 cookies, and they are not being sent
with any further requests in HC 4.5.1 (i tried with earlier version, upto 4.3 as well), even
when the request is being sent to https url, thus the session with server is broken.

wire logs snippets:

......
05 Feb 2016 22:51:31,936 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] CookieSpec selected: standard
05 Feb 2016 22:51:31,936 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: a-ogbcbff][value: 1][domain: amazon.com][path: /][expiry: Fri
Feb 05 23:04:30 IST 2016] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: session-id][value: 187-0...118442][domain: amazon.com][path: /][expiry:
Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: session-id-time][value: 2082787201l][domain: amazon.com][path:
/][expiry: Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: session-token][value: bL7a..2OAg==][domain: amazon.com][path:
/][expiry: Thu Jan 31 22:50:38 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: skin][value: noskin][domain: amazon.com][path: /][expiry: null]
match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: ubid-main][value: 185-8870350-8865056][domain: amazon.com][path:
/][expiry: Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,938 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: x-main][value: 0A8G..QeW][domain: amazon.com][path: /][expiry:
Thu Jan 31 22:50:38 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,938 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies.process()
] Cookie [version: 0][name: x-wl-uid][value: 16a..28=][domain: amazon.com][path: /][expiry:
Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,938 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache.process()
] Auth cache not set in the context
..........


whereas the cookie store at this request time held these cookies:

[
  { "name": "a-ogbcbff", "value": "1", "creationDate": 1454692838839, "path": "/", "comment":
null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate": 1454693670000,
"commentURL": null, "persistent": true, "ports": null
  },
  { "name": "at-main", "value": "5|X5..fS50", "creationDate": 1454692838841, "path": "/",
"comment": null, "version": 0, "domain": "amazon.com", "secure": true, "expiryDate": 2085412830000,
"commentURL": null, "persistent": true, "ports": null
  },
  { "name": "sess-at-main", "value": "qEy..Sc=", "creationDate": 1454692838841, "path": "/",
"comment": null, "version": 0, "domain": "amazon.com", "secure": true, "expiryDate": null,
"commentURL": null, "persistent": false, "ports": null
  },
  { "name": "session-id", "value": "187-0721455-2118442", "creationDate": 1454692892527, "path":
"/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate":
2082787201000, "commentURL": null, "persistent": true, "ports": null
  },
  { "name": "session-id-time", "value": "2082787201l", "creationDate": 1454692892527, "path":
"/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate":
2082787201000, "commentURL": null, "persistent": true, "ports": null
  },
  { "name": "session-token", "value": "bL7a..Ag==", "creationDate": 1454692838840, "path":
"/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate":
2085412838840, "commentURL": null, "persistent": true, "ports": null
  },
  { "name": "skin", "value": "noskin", "creationDate": 1454692839279, "path": "/", "comment":
null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate": null, "commentURL":
null, "persistent": false, "ports": null
  },
  { "name": "ubid-main", "value": "185-8870350-8865056", "creationDate": 1454692892527, "path":
"/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate":
2082787201000, "commentURL": null, "persistent": true, "ports": null
  },
  { "name": "x-main", "value": "0A8G...h9QeW", "creationDate": 1454692838841, "path": "/",
"comment": null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate": 2085412838841,
"commentURL": null, "persistent": true, "ports": null
  },
  { "name": "x-wl-uid", "value": "16aq..0C28=", "creationDate": 1454692839280, "path": "/",
"comment": null, "version": 0, "domain": "amazon.com", "secure": false, "expiryDate": 2082787201000,
"commentURL": null, "persistent": true, "ports": null
  }
]


Interestingly, if i reset the secure flag to false of each cookie in the cookieStore after
the request was made, then everything goes fine and session is maintained. 
Didn't capture that logs.. Will do and post again.


I used below code to create the client:

RequestConfig globalRequestConfig = RequestConfig.custom()
.setCookieSpec(CookieSpecs.STANDARD)
......

CloseableHttpClient httpClient = HttpClientBuilder.create()
.setDefaultRequestConfig(globalRequestConfig)
.setDefaultCookieStore(cookieStore)
..............

Am i doing anything wrong, or is something missed, or is it a bug?



Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message