'[jira] Commented: (HTTPCLIENT-661) Error with quoted cookie value'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       httpclient-commons-dev
Subject:    [jira] Commented: (HTTPCLIENT-661) Error with quoted cookie value
From:       "Oleg Kalnichevski (JIRA)" <jira () apache ! org>
Date:       2007-06-28 8:02:26
Message-ID: 10088832.1183017746917.JavaMail.jira () brutus
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/HTTPCLIENT-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508763 \
] 

Oleg Kalnichevski commented on HTTPCLIENT-661:
----------------------------------------------

I have no intention of what so ever to provide a workaround for each and every broken \
CGI script out there. What we can do is to make sure that if we receive a cookie \
attribute enclosed in quotation marks we send it back enclosed in quotation marks.

Oleg

> Error with quoted cookie value
> ------------------------------
> 
> Key: HTTPCLIENT-661
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-661
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 3.0 Final, 3.0.1, 3.1 RC1
> Environment: Mac OSX 10.4.9
> Java 1.5
> Firefox 2.0.0.4
> Reporter: David Brochoire
> Priority: Minor
> Fix For: 4.0 Alpha 2
> 
> 
> If a web server sends this http header (for example, after an authentication) :
> Set-Cookie: cookie-name="quoted-cookie-value-authent-ok";Path=/; secure
> In the parsing of cookies, when HttpClient detects a quoted cookie, it strip the
> first and the last quote '"', so it stores the value :
> quoted-cookie-value-authent-ok
> When you go on the next page after the authenticate page, with the policy
> BROWSER_COMPATIBILITY and all others, HttpClient sends this http header :
> Cookie: cookie-name=quoted-cookie-value-authent-ok
> But the server expects to receive the value :
> Cookie: cookie-name="quoted-cookie-value-authent-ok"
> and it rejects the client because it doesn't recognize the authenticated cookie.
> The server doesn't work correctly because quotation marks in cookie attributes
> are optional as long as those attribute values contain no reserved characters,
> but I don't have control above and if I do the same test with firefox, it stores
> the cookie value with quotes '"'.
> So, in the case of the policy BROWSER_COMPATIBILITY it would be better to don't
> strip away quotes (like firefox).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic