hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Cookies with a comma in the value
Date Thu, 14 Jun 2007 08:18:34 GMT
On Wed, 2007-06-13 at 16:50 -0700, TopDogTickets wrote:
> Oleg,
> 
> The file was too large to post. I have uploaded it
> here:
> 
> http://esbweb.com/cookie.log
> 
> The relevant lines seem to be:
> 
> 2007/06/13 16:22:11:935 PDT [DEBUG] header - <<
> "Set-Cookie:
> SESSION_ID=7820838,q5oP8pDYCKQ2I61CHqgZHol8Q4mDbqa2laWSMD2fwtHsuZs1TTLNendIkAqD0o0Q;
> path=/;[\r][\n]"
> 
> and 
> 
> 2007/06/13 16:22:11:978 PDT [DEBUG] HttpMethodBase -
> Cookie accepted: "SESSION_ID=7820838"
> 2007/06/13 16:22:11:981 PDT [DEBUG] HttpMethodBase -
> Cookie accepted:
> "q5oP8pDYCKQ2I61CHqgZHol8Q4mDbqa2laWSMD2fwtHsuZs1TTLNendIkAqD0o0Q="
> 
> It seems to be treating it as two different cookies
> separated by the comma, instead of one cookie
> including the comma.

Yes, it is, and it is absolutely correct in doing so. Comma is a
reserved character intended to be used as a header element delimiter.
Cookie attribute values that contain reserved characters such as comma
must be enclosed with quotation marks. 

Netscape cookie policy is the only cookie spec in HttpClient, which does
not attempt to split Set-Cookie header values into header elements and
it should produce the result you expect. Try Netscape draft cookie spec.

Oleg


>  The sever then complains about
> the browser not accepting cookies properly. 
> 
> Dan
> 
> --- Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> > On Tue, 2007-06-12 at 16:05 -0700, mendels wrote:
> > > I am trying to interface to a site that uses a
> > comma
> > > in the value of one of their cookies. It seems
> > that
> > > httpclient truncates everything in the cookie
> > after
> > > the comma which causes the server to return an
> > error
> > > when the page is returned. I believe that the
> > server
> > > is violating the spec for cookies, but I do not
> > have
> > > any control over what it does. Is there some mode
> > you
> > > can put httpclient in that will not cut off the
> > > illegal values in the cookies. I have tried
> > NETSCAPE
> > > and BROWSER_COMPATIBILITY mode and they both do
> > the
> > > same thing. You would think that the compatibility
> > > mode would be compliant with this case, even if it
> > > violates the spec. Any help would be appreciated.
> > > 
> > > Dan
> > > 
> > > 
> > 
> > Dan,
> > 
> > Please post a complete wire / context log of the
> > HTTP session
> > 
> >
> http://jakarta.apache.org/commons/httpclient/logging.html
> > 
> > Oleg
> > 
> > > 
> > > 
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> > > 
> > > 
> > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message