List: httpclient-commons-dev
Subject: [jira] [Created] (HTTPCLIENT-1735) Set-Cookie headers received in HTTP 401 during Digest Authenticat
From: "Stefan Friedrich (JIRA)" <jira () apache ! org>
Date: 2016-04-06 16:53:25
Message-ID: JIRA.12956555.1459961553000.152390.1459961605507 () Atlassian ! JIRA
Stefan Friedrich created HTTPCLIENT-1735:
--------------------------------------------
Summary: Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
Key: HTTPCLIENT-1735
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1735
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.4.1
Environment: Client using apache-camel http4 version 2.13.1 running requests against server using spring-boot.
Reporter: Stefan Friedrich
We are executing REST requests against a digest protected endpoint. The server uses session cookies to ensure stickiness.
During the digest roundtrip the first Set-Cookie header is ignored - thus forcing the server to create another session cookie that is then returned in the HTTP 200 response.
Roundtrip:
# Request is made (without cookie)
# Server responds with HTTP 401 and digest authentication challenge (including Set-Cookie header)
# Request is done again with authentication header (but still without cookie - this is the bug)
# Response is received with HTTP 200
Subsequent requests with the same HTTPClient instance contain the cookie received during the HTTP 200 response.
This was working fine in version 4.1.1.
It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible for processing the request and response interceptors (including the RequestAddCookies and ResponseProcessCookies interceptors). Unfortunately the 401 processing and re-requesting is done in the nested requestExecutor (MainClientExec) - and this one only adds the authentication header and disregards any Set-Cookie headers received in the 401 response.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org