Posted to dev@hc.apache.org by bu...@apache.org on 2006/04/07 18:16:24 UTC
DO NOT REPLY [Bug 39241] New: - HTTP cookie is rejected for hosts like "systinet.com"
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39241>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39241
Summary: HTTP cookie is rejected for hosts like "systinet.com"
Product: HttpClient
Version: 3.0.1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: HttpCookie
AssignedTo: httpclient-dev@jakarta.apache.org
ReportedBy: ales@systinet.com
An HTTP GET request to the host "systinet.com" (not "www.systinet.com") gets
the following response:
HTTP/1.1 200 OK
Set-Cookie: idx=b7e507c09e9d217ffd33a0c5e08651f4; path=/; domain=.systinet.com
...
so the domain is ".systinet.com" and the host is "systinet.com". Such a cookie is
rejected by the HTTP client:
13:41:19,488 WARN [HttpMethodBase] Cookie rejected: "$Version=0;
idx=d10e7066cac7572c38c2983dc8440e83; $Domain=.systinet.com; $Path=/". Illegal
domain attribute ".systinet.com". Domain of origin: "systinet.com"
I looked at the HTTP client sources and it seems that
org.apache.commons.httpclient.cookie.CookieSpecBase#validate is written
correctly (see "if (s.startsWith("."))"):
    // domain must match host
    if (!host.endsWith(cookie.getDomain())) {
        String s = cookie.getDomain();
        if (s.startsWith(".")) {
            s = s.substring(1, s.length());
        }
        if (!host.equals(s)) {
            throw new MalformedCookieException(
                "Illegal domain attribute \"" + cookie.getDomain()
                + "\". Domain of origin: \"" + host + "\"");
        }
    }
but a few steps later, similar code in
org.apache.commons.httpclient.cookie.RFC2109Spec#validate is probably wrong:
    if (!host.endsWith(cookie.getDomain())) {
        throw new MalformedCookieException(
            "Illegal domain attribute \"" + cookie.getDomain()
            + "\". Domain of origin: \"" + host + "\"");
    }
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 39241] - HTTP cookie is rejected for hosts like "systinet.com"
Posted by bu...@apache.org.
ales@systinet.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED
------- Additional Comments From ales@systinet.com 2006-04-08 00:14 -------
OK, Thanks.
DO NOT REPLY [Bug 39241] - HTTP cookie is rejected for hosts like "systinet.com"
Posted by bu...@apache.org.
http-async@dubioso.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID
------- Additional Comments From http-async@dubioso.net 2006-04-07 18:39 -------
This behavior is exactly as specified by RFC 2109 and
has been discussed more than once on the mailing lists.
If you need tolerance for non-compliant servers, please use the
browser compatibility cookie spec as described in the cookie guide:
http://jakarta.apache.org/commons/httpclient/cookies.html
cheers,
Roland
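
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages and is not HttpClient's code. The class and method names are hypothetical; lenientAccepts mirrors only the CookieSpecBase fragment quoted in the report, rfc2109Accepts follows the rejection rules of RFC 2109 section 4.3.2, and hosts are assumed to be FQDNs rather than IP addresses.

```java
import java.util.Locale;

// Added illustration: class and method names are hypothetical, not HttpClient's.
public class CookieDomainCheck {

    // Mirrors only the CookieSpecBase fragment quoted in the report: accept a
    // suffix match, or an exact match after dropping one leading dot.
    static boolean lenientAccepts(String host, String domain) {
        if (host.endsWith(domain)) {
            return true;
        }
        String s = domain.startsWith(".") ? domain.substring(1) : domain;
        return host.equals(s);
    }

    // RFC 2109 section 4.3.2 rejection rules for an explicit Domain attribute.
    // Assumption: host is an FQDN, not an IP address.
    static boolean rfc2109Accepts(String host, String domain) {
        host = host.toLowerCase(Locale.ROOT);
        domain = domain.toLowerCase(Locale.ROOT);
        // Domain must start with a dot and contain an embedded dot.
        int dot = domain.indexOf('.', 1);
        if (!domain.startsWith(".") || dot < 0 || dot == domain.length() - 1) {
            return false;
        }
        // Domain-match: host = N + domain, where N is a non-empty name.
        if (!host.endsWith(domain) || host.length() == domain.length()) {
            return false;
        }
        // N must not contain a dot (a.b.example.com is rejected for .example.com).
        String n = host.substring(0, host.length() - domain.length());
        return n.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        // Constructed host/Domain pairs; the first is the case from the report.
        String[][] cases = {
            {"systinet.com", ".systinet.com"},
            {"www.systinet.com", ".systinet.com"},
            {"a.b.systinet.com", ".systinet.com"},
            {"www.systinet.com", "systinet.com"},
            {"www.systinet.com", ".com"},
        };
        for (String[] c : cases) {
            System.out.printf("host=%-18s domain=%-15s lenient=%-5b rfc2109=%b%n",
                    c[0], c[1], lenientAccepts(c[0], c[1]), rfc2109Accepts(c[0], c[1]));
        }
    }
}
```

The first row is the case from the report: the quoted lenient fragment accepts it, while the RFC 2109 rules reject it because the host has no non-empty name in front of ".systinet.com".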