You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@arrow.apache.org by James Duong <ja...@bitquilltech.com> on 2020/10/30 03:43:54 UTC
[FlightRPC][Java] HTTP cookie support
Hi all,
I've created a PR for changing the Java FlightClient to have the ability to
send/receive cookie headers:
https://github.com/apache/arrow/pull/8554
I ran into a few apparent bugs in the JDK HttpCookie.parse method though:
- The HttpCookie class treats Max-Age=-1 as a sentinel to say there is
no expiration. However the RFC spec for Set-Cookie says that any zero or
negative max-age should result in instant expiration of the cookie. The
JDK's HttpCookie class doesn't differentiate between these two cases in the
isExpired function.
- The HttpCookie.parse method is supposed to return a list of multiple
cookies when using a Set-Cookie2 header containing multiple cookies, but
this doesn't seem to work. You wind up getting a single cookie with the
original input separated by comma.
I have tests exposing these two issues that are marked as Ignore for now.
--
*James Duong*
Lead Software Developer
Bit Quill Technologies Inc.
Direct: +1.604.562.6082 | jamesd@bitquilltech.com
https://www.bitquilltech.com
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure, or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy
all copies of the original message. Thank you.
Re: [FlightRPC][Java] HTTP cookie support
Posted by David Li <li...@gmail.com>.
I'd rather people opt in to extra functionality (we don't even require
TLS by default, though gRPC itself does in Java).
On that note, I see a somewhat related proposal for sessions in
Flight; it's worth thinking if that can just be built on top of
cookies: https://issues.apache.org/jira/browse/ARROW-10427
David
On 10/30/20, James Duong <ja...@bitquilltech.com> wrote:
> Thanks for the feedback David.
>
> I'll add a client builder option to make it more convenient to enable.
> Actually, would it make sense for something like this to be enabled by
> default?
>
> There's no drawback when connecting to FlightServers that don't use
> cookies other than a bit of overhead searching for the Set-Cookie header.
>
> On Fri, Oct 30, 2020 at 7:05 AM David Li <li...@gmail.com> wrote:
>
>> Hey James,
>>
>> I looked over the PR and it seems quite straightforward - thanks for
>> contributing this.
>>
>> Best,
>> David
>>
>> On 10/29/20, James Duong <ja...@bitquilltech.com> wrote:
>> > Hi all,
>> >
>> > I've created a PR for changing the Java FlightClient to have the
>> > ability
>> to
>> > send/receive cookie headers:
>> > https://github.com/apache/arrow/pull/8554
>> >
>> > I ran into a few apparent bugs in the JDK HttpCookie.parse method
>> > though:
>> >
>> > - The HttpCookie class treats Max-Age=-1 as a sentinel to say there
>> > is
>> > no expiration. However the RFC spec for Set-Cookie says that any
>> > zero
>> or
>> > negative max-age should result in instant expiration of the cookie.
>> The
>> > JDK's HttpCookie class doesn't differentiate between these two cases
>> in
>> > the
>> > isExpired function.
>> > - The HttpCookie.parse method is supposed to return a list of
>> > multiple
>> > cookies when using a Set-Cookie2 header containing multiple cookies,
>> but
>> > this doesn't seem to work. You wind up getting a single cookie with
>> the
>> > original input separated by comma.
>> >
>> > I have tests exposing these two issues that are marked as Ignore for
>> > now.
>> >
>> > --
>> >
>> > *James Duong*
>> > Lead Software Developer
>> > Bit Quill Technologies Inc.
>> > Direct: +1.604.562.6082 | jamesd@bitquilltech.com
>> > https://www.bitquilltech.com
>> >
>> > This email message is for the sole use of the intended recipient(s) and
>> may
>> > contain confidential and privileged information. Any unauthorized
>> review,
>> > use, disclosure, or distribution is prohibited. If you are not the
>> > intended recipient, please contact the sender by reply email and
>> > destroy
>> > all copies of the original message. Thank you.
>> >
>>
>
>
> --
>
> *James Duong*
> Lead Software Developer
> Bit Quill Technologies Inc.
> Direct: +1.604.562.6082 | jamesd@bitquilltech.com
> https://www.bitquilltech.com
>
> This email message is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. Any unauthorized review,
> use, disclosure, or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply email and destroy
> all copies of the original message. Thank you.
>
Re: [FlightRPC][Java] HTTP cookie support
Posted by James Duong <ja...@bitquilltech.com>.
Thanks for the feedback David.
I'll add a client builder option to make it more convenient to enable.
Actually, would it make sense for something like this to be enabled by
default?
There's no drawback when connecting to FlightServers that don't use
cookies other than a bit of overhead searching for the Set-Cookie header.
On Fri, Oct 30, 2020 at 7:05 AM David Li <li...@gmail.com> wrote:
> Hey James,
>
> I looked over the PR and it seems quite straightforward - thanks for
> contributing this.
>
> Best,
> David
>
> On 10/29/20, James Duong <ja...@bitquilltech.com> wrote:
> > Hi all,
> >
> > I've created a PR for changing the Java FlightClient to have the ability
> to
> > send/receive cookie headers:
> > https://github.com/apache/arrow/pull/8554
> >
> > I ran into a few apparent bugs in the JDK HttpCookie.parse method though:
> >
> > - The HttpCookie class treats Max-Age=-1 as a sentinel to say there is
> > no expiration. However the RFC spec for Set-Cookie says that any zero
> or
> > negative max-age should result in instant expiration of the cookie.
> The
> > JDK's HttpCookie class doesn't differentiate between these two cases
> in
> > the
> > isExpired function.
> > - The HttpCookie.parse method is supposed to return a list of multiple
> > cookies when using a Set-Cookie2 header containing multiple cookies,
> but
> > this doesn't seem to work. You wind up getting a single cookie with
> the
> > original input separated by comma.
> >
> > I have tests exposing these two issues that are marked as Ignore for now.
> >
> > --
> >
> > *James Duong*
> > Lead Software Developer
> > Bit Quill Technologies Inc.
> > Direct: +1.604.562.6082 | jamesd@bitquilltech.com
> > https://www.bitquilltech.com
> >
> > This email message is for the sole use of the intended recipient(s) and
> may
> > contain confidential and privileged information. Any unauthorized
> review,
> > use, disclosure, or distribution is prohibited. If you are not the
> > intended recipient, please contact the sender by reply email and destroy
> > all copies of the original message. Thank you.
> >
>
--
*James Duong*
Lead Software Developer
Bit Quill Technologies Inc.
Direct: +1.604.562.6082 | jamesd@bitquilltech.com
https://www.bitquilltech.com
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure, or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy
all copies of the original message. Thank you.
Re: [FlightRPC][Java] HTTP cookie support
Posted by David Li <li...@gmail.com>.
Hey James,
I looked over the PR and it seems quite straightforward - thanks for
contributing this.
Best,
David
On 10/29/20, James Duong <ja...@bitquilltech.com> wrote:
> Hi all,
>
> I've created a PR for changing the Java FlightClient to have the ability to
> send/receive cookie headers:
> https://github.com/apache/arrow/pull/8554
>
> I ran into a few apparent bugs in the JDK HttpCookie.parse method though:
>
> - The HttpCookie class treats Max-Age=-1 as a sentinel to say there is
> no expiration. However the RFC spec for Set-Cookie says that any zero or
> negative max-age should result in instant expiration of the cookie. The
> JDK's HttpCookie class doesn't differentiate between these two cases in
> the
> isExpired function.
> - The HttpCookie.parse method is supposed to return a list of multiple
> cookies when using a Set-Cookie2 header containing multiple cookies, but
> this doesn't seem to work. You wind up getting a single cookie with the
> original input separated by comma.
>
> I have tests exposing these two issues that are marked as Ignore for now.
>
> --
>
> *James Duong*
> Lead Software Developer
> Bit Quill Technologies Inc.
> Direct: +1.604.562.6082 | jamesd@bitquilltech.com
> https://www.bitquilltech.com
>
> This email message is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information. Any unauthorized review,
> use, disclosure, or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply email and destroy
> all copies of the original message. Thank you.
>