hc-dev mailing list archives

From "Stefan Friedrich (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1735) Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
Date Wed, 06 Apr 2016 16:53:25 GMT
Stefan Friedrich created HTTPCLIENT-1735:

             Summary: Set-Cookie headers received in HTTP 401 during Digest Authentication
not stored CookieStore
                 Key: HTTPCLIENT-1735
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1735
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.4.1
         Environment: Client using apache-camel http4 version 2.13.1 running requests against
server using spring-boot.
            Reporter: Stefan Friedrich

We are executing REST requests against a digest protected endpoint. The server uses session
cookies to ensure stickiness.

During the digest roundtrip the first set-cookie header is ignored - thus forcing the server
to create another session cookie that is then returned in the http 200 response.

# Request is made (without cookie)
# Server responds with HTTP 401 and digest authentication challenge (including set-cookie
# Request is done again with authentication header (but still without cookie - this is the
# Response is received with HTTP 200

Subsequent requests with the same HTTPClient instance contain the cookie received during the
HTTP 200 response.

This was working fine in version 4.1.1.

It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible for processing
the request and response interceptors (including the RequestAddCookies and ResponseProcessCookies
Interceptors). Unfortunately the 401 processing and re-requesting is done in the nested requestExecutor
(MainClientExec) - and this one only adds the authentication header and disregards any Set-Cookie
headers received in the 401 response.
