
List:       httpclient-commons-dev
Subject:    [jira] [Created] (HTTPCLIENT-1735) Set-Cookie headers received in HTTP 401 during Digest Authenticat
From:       "Stefan Friedrich (JIRA)" <jira () apache ! org>
Date:       2016-04-06 16:53:25
Message-ID: JIRA.12956555.1459961553000.152390.1459961605507 () Atlassian ! JIRA

Stefan Friedrich created HTTPCLIENT-1735:
--------------------------------------------

             Summary: Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
                 Key: HTTPCLIENT-1735
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1735
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.4.1
         Environment: Client using apache-camel http4 version 2.13.1 running requests against server using spring-boot.
            Reporter: Stefan Friedrich


We are executing REST requests against a digest protected endpoint. The server uses
session cookies to ensure stickiness.

During the digest roundtrip the first set-cookie header is ignored - thus forcing the
server to create another session cookie that is then returned in the http 200
response.

Roundtrip:
# Request is made (without cookie)
# Server responds with HTTP 401 and digest authentication challenge (including set-cookie header)
# Request is done again with authentication header (but still without cookie - this is the bug)
# Response is received with HTTP 200

Subsequent requests with the same HTTPClient instance contain the cookie received
during the HTTP 200 response.

This was working fine in version 4.1.1.

It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible
for processing the request and response interceptors (including the RequestAddCookies
and ResponseProcessCookies interceptors). Unfortunately the 401 processing and
re-requesting is done in the nested requestExecutor (MainClientExec) - and this one
only adds the authentication header and disregards any Set-Cookie headers received in
the 401 response.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
