Posted to dev@hc.apache.org by bu...@apache.org on 2006/04/07 18:16:24 UTC

DO NOT REPLY [Bug 39241] New: - HTTP cookie is rejected for hosts like "systinet.com"

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39241>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39241

           Summary: HTTP cookie is rejected for hosts like "systinet.com"
           Product: HttpClient
           Version: 3.0.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HttpCookie
        AssignedTo: httpclient-dev@jakarta.apache.org
        ReportedBy: ales@systinet.com


An HTTP GET request to a host such as "systinet.com" (not "www.systinet.com") returns
the following:

HTTP/1.1 200 OK
Set-Cookie: idx=b7e507c09e9d217ffd33a0c5e08651f4; path=/; domain=.systinet.com
...

so the domain is ".systinet.com" and the host is "systinet.com". Such a cookie is
rejected by the HTTP client:

13:41:19,488 WARN  [HttpMethodBase] Cookie rejected: "$Version=0;
idx=d10e7066cac7572c38c2983dc8440e83; $Domain=.systinet.com; $Path=/". Illegal
domain attribute ".systinet.com". Domain of origin: "systinet.com"

I looked at the HTTP client sources and it seems that
org.apache.commons.httpclient.cookie.CookieSpecBase#validate is written
correctly (see "if (s.startsWith("."))"):

    // domain must match host
    if (!host.endsWith(cookie.getDomain())) {
        String s = cookie.getDomain();
        if (s.startsWith(".")) {
            s = s.substring(1, s.length());
        }
        if (!host.equals(s)) { 
            throw new MalformedCookieException(
                "Illegal domain attribute \"" + cookie.getDomain() 
                + "\". Domain of origin: \"" + host + "\"");
        }
    }

but a few steps later, similar code in
org.apache.commons.httpclient.cookie.RFC2109Spec#validate is probably wrong:

    if (!host.endsWith(cookie.getDomain())) {
        throw new MalformedCookieException(
               "Illegal domain attribute \"" + cookie.getDomain() 
               + "\". Domain of origin: \"" + host + "\"");
    }

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


DO NOT REPLY [Bug 39241] - HTTP cookie is rejected for hosts like "systinet.com"

Posted by bu...@apache.org.


ales@systinet.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED




------- Additional Comments From ales@systinet.com  2006-04-08 00:14 -------
OK, Thanks.



DO NOT REPLY [Bug 39241] - HTTP cookie is rejected for hosts like "systinet.com"

Posted by bu...@apache.org.


http-async@dubioso.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From http-async@dubioso.net  2006-04-07 18:39 -------
This behavior is exactly as specified by RFC 2109 and
has been discussed more than once on the mailing lists.

If you need tolerance for non-compliant servers, please use the
browser compatibility cookie spec as described in the cookie guide:
http://jakarta.apache.org/commons/httpclient/cookies.html

cheers,
  Roland
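
The difference discussed in this thread, as an added example that is not part of the original messages or of HttpClient itself: the two domain checks quoted in the report are re-implemented as stand-alone methods and run side by side over a few host/domain pairs. Only the quoted excerpts are modelled; the class name, the method names, the third label-boundary check and all sample pairs other than the reported one are assumptions made for illustration.

```java
public class CookieDomainChecks {

    // Mirrors the CookieSpecBase#validate excerpt quoted in the report:
    // a suffix match, or an exact match once a leading dot is stripped.
    static boolean lenientAccepts(String host, String domain) {
        if (host.endsWith(domain)) {
            return true;
        }
        String s = domain.startsWith(".") ? domain.substring(1) : domain;
        return host.equals(s);
    }

    // Mirrors the RFC2109Spec#validate excerpt quoted in the report:
    // the host must end with the domain attribute exactly as sent.
    static boolean strictAccepts(String host, String domain) {
        return host.endsWith(domain);
    }

    // Assumption (not from the page): a match that succeeds only on a DNS
    // label boundary, so a bare string suffix is never enough on its own.
    static boolean boundaryAccepts(String host, String domain) {
        String d = domain.startsWith(".") ? domain.substring(1) : domain;
        return host.equals(d) || host.endsWith("." + d);
    }

    public static void main(String[] args) {
        // Constructed sample pairs; the first is the case from the report.
        String[][] cases = {
            {"systinet.com", ".systinet.com"},
            {"www.systinet.com", ".systinet.com"},
            {"notsystinet.com", "systinet.com"},
            {"example.org", ".systinet.com"},
        };
        System.out.printf("%-18s %-15s %-8s %-8s %-8s%n",
                "host", "domain", "lenient", "strict", "boundary");
        for (String[] c : cases) {
            System.out.printf("%-18s %-15s %-8b %-8b %-8b%n",
                    c[0], c[1],
                    lenientAccepts(c[0], c[1]),
                    strictAccepts(c[0], c[1]),
                    boundaryAccepts(c[0], c[1]));
        }
    }
}
```

The first row is the reported case, where the two quoted checks disagree. The third row shows why a client that relaxes the strict rule for non-compliant servers should still compare on label boundaries and not rely on a plain string suffix test.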
