You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/08/19 11:09:18 UTC

[jira] [Resolved] (HTTPCLIENT-1546) Cookie values can end up being double quoted

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1546.
-------------------------------------------

       Resolution: Fixed
    Fix Version/s: 4.4 Alpha2
                   4.3.6

Fixed in SVN trunk [1] and 4.3.x branch [2]. Please review / re-test.

Oleg

[1] http://svn.apache.org/viewvc?view=revision&revision=r1617278
[2] http://svn.apache.org/viewvc?view=revision&revision=r1617277

> Cookie values can end up being double quoted
> --------------------------------------------
>
>                 Key: HTTPCLIENT-1546
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1546
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCookie
>            Reporter: Gregory Chanan
>             Fix For: 4.3.6, 4.4 Alpha2
>
>
> I mentioned this issue on the mailing list and Oleg asked me to file a JIRA.
> I have a cookie like this:
> hadoop.auth="someValue"; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT; HttpOnly
> Because it has an "Expires" attribute, httpclient treats it as a netscape cookie.  But, when it is sent back to the server, it's sent double-quoted:
> hadoop.auth=""someValue""; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT; HttpOnly
> which causes the server to see the hadoop.auth value as "".
> So, it seems like httpclient is being inconsistent in how it treats the version; it first assumes version 0, but then treats it as version 1 and assumes it can add quotes.  Even though the cookie is not a valid Version=1 Cookie, ideally httpclient would not double quote the response.
> NOTE: I tested this on httpclient 4.2.5, but that's not a choice for "Affects Version"



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org