hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregory Chanan <gcha...@cloudera.com>
Subject Best Match Spec assumes netscape cookie even if version present?
Date Thu, 31 Jul 2014 23:34:15 GMT
Over in HADOOP-10911 (https://issues.apache.org/jira/browse/HADOOP-10911)
we are trying to figure out a cookie format that works well with httpclient.

The cookie looks something like this:
hadoop.auth="someValue"; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT;
HttpOnly

The issue with this is the Expires triggers the cookie to be parsed as a
netscape cookie, even though the version field is present (I'm using
httpclient 4.2.5, but trunk seems similar):
https://github.com/apache/httpclient/blob/405f464a84b0bcb70643db78fe916b0bad83936f/httpclient/src/main/java/org/apache/http/impl/cookie/BestMatchSpec.java#L106-L114

and the hadoop.auth value is stored on the client with quotes, since the
netscape cookies do not support quotes (from RFC2109): "Note that the
Expires date format contains embedded spaces, and that "old" cookies did
not have quotes around values. "

Then, when the cookie is sent back to the server, the hadoop.auth value is
quoted again, i.e.:
hadoop.auth=""someValue""; Version=1; Expires=Fri, 01 Aug 2014 09:03:40
GMT; HttpOnly
which causes the server to see the hadoop.auth value as "".

Does this seem like a bug?  It seems like httpclient could handle this in a
number of ways, e.g:
1) having a version field causes the cookie to be parsed even if there is
an expires (note: we'd have to quote the Expires to get it to parse
correctly as a non-netscape cookie)
2) if it's a netscape cookie, it shouldn't be quoted when sent back, since
netscape cookies don't support quotes anyway
3) perhaps some check on the expires, i.e. if it's quoted it's assumed not
to be a netscape cookie, since netscape cookies don't have quotes

Thoughts?
Greg

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message