hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1735) Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
Date Thu, 07 Apr 2016 08:35:25 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Oleg Kalnichevski resolved HTTPCLIENT-1735.
    Resolution: Duplicate

> Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
> -------------------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1735
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1735
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.4.1
>         Environment: Client using apache-camel http4 version 2.13.1 running requests
against server using spring-boot.
>            Reporter: Stefan Friedrich
> We are executing REST requests against a digest protected endpoint. The server uses session
cookies to ensure stickiness.
> During the digest roundtrip the first set-cookie header is ignored - thus forcing the
server to create another session cookie that is then returned in the http 200 response.
> Roundtrip:
> # Request is made (without cookie)
> # Server responds with HTTP 401 and digest authentication challenge (including set-cookie
> # Request is done again with authentication header (but still without cookie - this is
the bug)
> # Response is received with HTTP 200
> Subsequent requests with the same HTTPClient instance contain the cookie received during
the HTTP200 response.
> This was working fine in version 4.1.1.
> It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible for
processing the request and response interceptors (including the RequestAddCookies and ReponseProcessCookies
Interceptors). Unfortunately the 401 processing and re-requesting is done in the nested requestExecutor
(MainClientExec) - and this one only adds the authentication header and disregards any Set-Cookie
headers received in the 401 response.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message