Return-Path: Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org Received: (qmail 14993 invoked from network); 4 Mar 2008 02:55:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Mar 2008 02:55:56 -0000 Received: (qmail 27742 invoked by uid 500); 4 Mar 2008 02:55:52 -0000 Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org Received: (qmail 27725 invoked by uid 500); 4 Mar 2008 02:55:52 -0000 Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpClient User Discussion" Delivered-To: mailing list httpclient-users@hc.apache.org Received: (qmail 27716 invoked by uid 99); 4 Mar 2008 02:55:52 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Mar 2008 18:55:52 -0800 X-ASF-Spam-Status: No, hits=1.3 required=10.0 tests=PLING_QUERY,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [60.248.144.94] (HELO mail.cyberpowersystems.com.tw) (60.248.144.94) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 04 Mar 2008 02:55:15 +0000 Received: from 192.168.20.39 by mail.cyberpowersystems.com.tw with Mail2000 ESMTP Server V4.50S(16425:0:AUTH_LOGIN) (envelope-from ); Tue, 04 Mar 2008 10:54:29 +0800 (CST) From: "micky" To: "'HttpClient User Discussion'" References: <11567676.4218291204093616422.JavaMail.servlet@kundenserver> <000301c879ea$f9b695e0$ed23c1a0$@com.tw> <47C8ED33.3070309@dubioso.net> <001d01c87c64$c9783010$5c689030$@com.tw> <47CAA914.4020702@dubioso.net> In-Reply-To: <47CAA914.4020702@dubioso.net> Subject: RE: cookie or session-id is different from the same HttpClient connection?! Date: Tue, 4 Mar 2008 10:53:52 +0800 Message-ID: <001701c87da2$faf6a060$f0e3e120$@com.tw> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 thread-index: Ach80mKk0RerYOm3SfqVZ2Ad1FmETAAzaYIg Content-Language: zh-tw X-Virus-Checked: Checked by ClamAV on apache.org Dear Roland, > You set up the configuration, then you run your application. > Note that the website has instructions for HttpClient 3.x. > The package names as well as the name of the wire logger(s) > have changed in 4.0. I will try how to use the loggers in HttpClient 4.0. > I am sure the server response a valid cookie because of the old code I = wrote can work well. > The old code I use are HttpsURLConnection and HttpURLConnection .=20 > I get a cookie from HttpsURLConnection.getHeaderField(), then I set = the cookie with HttpURLConnection.setRequestProperty() for next = connection, and it works well. > How can you be sure that the cookie is valid if you just > get the header field without parsing and validating it? > The header field by which cookies are received is "Set-Cookie" > or "Set-Cookie2". The header field by which cookies are sent > is "Cookie" and has a different format. Does your code take > that into account? I just use HttpsURLConnection.getHeaderField("Set-Cookie") to get a = cookie String, then I use HttpURLConnection.setRequestProperty("Cookie", = cookie String) for the next connection. And it worked well.=20 > If not, then the reason why it works is probably that the > Sun HttpURLConnection internally handles cookies, just like > HttpClient does. It seems Sun HttpURLConnection didn't handle cookie internally. > > Please note that the first one I use is HttpsURLConnection and the = second one is HttpURLConnection. > Unless the "secure" flag of the cookie is set, that doesn't > make a difference. OK, thanks. >> Does it mean if the protocol changed from HTTPS to HTTP, the = connection session will be different from each other even if I use the = same HttpClient instance? > HttpClient maintains a shared default session state for all > connections. If you don't do something to prevent it, it will > pick up the cookies that were previously set. I think HttpClient should do this as you said too. But I don't know why = it doesn't work for my code now. >> I think I need not to know which cookie version or protocol I receive = or send because the HttpClient's default cookie policy is "Best Match", = am I right? > If you are using HttpClient 4.0 alpha3, the default policy > is "best match" and you shouldn't have to worry. If you are > still on alpha2, there is no "best match" cookie policy. > The feature was added in alpha3. If you are having problems > with it, we need to know what goes wrong. There could still > be a bug somewhere. Yes, I am using HttpClient 4.0 alpha3.=20 And it still can't work well when I want to login a https page then = browse to another http page since the cookie issue occurred. > In previous releases, the default strategy required strict > conformance to the specification, while most browsers and > probably also HttpURLConnection tolerate malformed cookies. So I have another question. Should I handle the cookie management in the server?=20 The server is Struts on Tomcat, and I didn't do any additional action = for handling cookie because I think the server should handle it itself. When I print the cookie content from = HttpClient.getCookieStore().getCookies(), it shows as followings. ---- [version: 0][name: JSESSIONID][name: = 8C20EDB1D409B3AFCE1A1D25CCDE59CE][domain: 127.0.0.1][path: = /agent][expiry: null] ---- Does it a malformed cookies? Is the "expiry" is null normal? Is there any other ways to figure out this problem? Thanks for your kindly reply. Sincerely, Micky --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org For additional commands, e-mail: httpclient-users-help@hc.apache.org