hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph Mocker <mock+apa...@fakebelieve.org>
Subject Re: HttpClient and cookies
Date Mon, 20 Oct 2008 16:42:14 GMT
It sounds like your webserver, or whatever is generating & processing 
the session cookie, is in error. From my reads of RFC2109 & RFC2068, 
quotes are reserved characters, they are not allowed in the cookie value.

They say the cookie value can be either

                     token | quoted-string

where

          token          = 1*<any CHAR except CTLs or tspecials>

          tspecials      = "(" | ")" | "<" | ">" | "@"
                         | "," | ";" | ":" | "\" | <">
                         | "/" | "[" | "]" | "?" | "="
                         | "{" | "}" | SP | HT

and

          quoted-string  = ( <"> *(qdtext) <"> )

          qdtext         = <any TEXT except <">>


So in your example, the quoted-string form is used, therefore the quotes 
are not part of the cookie value.

Perhaps one of the developers can comment?

  --joe


Reinhard Pagitsch wrote:
> Hello to all,
>
> From our webserver I get a session cookie in the form 
> POSESSIONID="dfgsdfgsdg="
> But the HTTPClient sends back the cookie in the form 
> POSESSIONID=dfgsdfgsdg=.
> Therefore no authentication is done. Is there a way to configure the 
> HttpClient to send back
> the session cookie as it is and do no modifications?
>
> Thank you,
> Reinhard
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message