You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Robert Gold <ro...@jrc.it> on 2004/09/21 12:10:14 UTC

Cookie problems / strict mode

Hi,
I am using http-client 2.0.1 (1 August 2004). 
I noticed that lots of websites just accept the cookies to be sent in one
single line (like sent by IE). This is with http-client just possible in
strict mode.
But now I have a webserver which redirects me to an URL which is not
allowed/valid in strict mode, but at the same time it accepts just the
cookies send in a single line. 

I saw a patch from 2003 which allowed the user to add a cookie
request-header manually. This patch has been removed again from the new
version? Is there now another technique for that? I don't understand why
this 'sending of cookies in a single line' must be bound to the strict mode,
which has apparently also other impacts.

It would be very nice if you could give me some help how to solve this
problem. For me it's either way if I create the cookie-header myself or it's
done by the http-client or in whatever way. It just must access this site
and I don't know how.

Thanks for help,

Robert.


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

RE: Cookie problems / strict mode

Posted by Robert Gold <ro...@jrc.it>.
Thanks for the fast reply! 
1) I'm not sure about using already the alpha version. 
3) This is exactly what I didn't want to do, to create my own Get-, Post-
and whatever method.
2) I'll be forced to do it like this even if I didn't want to correct the
'malformed' URL...
But thanks for the http-client anyway it's a very good thing!
Ciao,
Robert.

-----Original Message-----
From: Oleg Kalnichevski [mailto:@bearingpoint.com] 
Sent: 21 September 2004 15:36
To: commons-httpclient-dev@jakarta.apache.org
Subject: Re: Cookie problems / strict mode


Robert,


It is a known problem with HttpClient 2.0. 

There are three possibilities:

(1) Use HttpClient 3.0, which provides fine-grained control over
protocol compliance leniency. 

(2) Disable auto redirect and handle redirects manually

http://jakarta.apache.org/commons/httpclient/redirects.html

(3) Override HttpMethodBase#addCookieRequestHeader() method

protected void addCookieRequestHeader(
  HttpState state, HttpConnection conn)
  throws IOException, HttpException {

  // Clean up the cookie headers
  removeRequestHeader("cookie");

  CookieSpec matcher =
    CookiePolicy.getSpecByPolicy(state.getCookiePolicy());
  Cookie[] cookies = matcher.match(conn.getHost(), conn.getPort(),
    getPath(), conn.isSecure(), state.getCookies());
  if ((cookies != null) && (cookies.length > 0)) {
    getRequestHeaderGroup().addHeader(
      matcher.formatCookieHeader(cookies));
  }
}

Hope this helps

Oleg

On Tue, 2004-09-21 at 12:10, Robert Gold wrote:
> Hi,
> I am using http-client 2.0.1 (1 August 2004). 
> I noticed that lots of websites just accept the cookies to be sent in one
> single line (like sent by IE). This is with http-client just possible in
> strict mode.
> But now I have a webserver which redirects me to an URL which is not
> allowed/valid in strict mode, but at the same time it accepts just the
> cookies send in a single line. 
> 
> I saw a patch from 2003 which allowed the user to add a cookie
> request-header manually. This patch has been removed again from the new
> version? Is there now another technique for that? I don't understand why
> this 'sending of cookies in a single line' must be bound to the strict
mode,
> which has apparently also other impacts.
> 
> It would be very nice if you could give me some help how to solve this
> problem. For me it's either way if I create the cookie-header myself or
it's
> done by the http-client or in whatever way. It just must access this site
> and I don't know how.
> 
> Thanks for help,
> 
> Robert.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org

****************************************************************************
***********************
The information in this email is confidential and may be legally privileged.
Access to this email by anyone other than the intended addressee is
unauthorized.  If you are not the intended recipient of this message, any
review, disclosure, copying, distribution, retention, or any action taken or
omitted to be taken in reliance on it is prohibited and may be unlawful.  If
you are not the intended recipient, please reply to or forward a copy of
this message to the sender and delete the message, any attachments, and any
copies thereof from your system.
****************************************************************************
***********************

---------------------------------------------------------------------
To unsubscribe, e-mail:
commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail:
commons-httpclient-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

Re: Cookie problems / strict mode

Posted by Oleg Kalnichevski <ol...@bearingpoint.com>.
Robert,


It is a known problem with HttpClient 2.0. 

There are three possibilities:

(1) Use HttpClient 3.0, which provides fine-grained control over
protocol compliance leniency. 

(2) Disable auto redirect and handle redirects manually

http://jakarta.apache.org/commons/httpclient/redirects.html

(3) Override HttpMethodBase#addCookieRequestHeader() method

protected void addCookieRequestHeader(
  HttpState state, HttpConnection conn)
  throws IOException, HttpException {

  // Clean up the cookie headers
  removeRequestHeader("cookie");

  CookieSpec matcher =
    CookiePolicy.getSpecByPolicy(state.getCookiePolicy());
  Cookie[] cookies = matcher.match(conn.getHost(), conn.getPort(),
    getPath(), conn.isSecure(), state.getCookies());
  if ((cookies != null) && (cookies.length > 0)) {
    getRequestHeaderGroup().addHeader(
      matcher.formatCookieHeader(cookies));
  }
}

Hope this helps

Oleg

On Tue, 2004-09-21 at 12:10, Robert Gold wrote:
> Hi,
> I am using http-client 2.0.1 (1 August 2004). 
> I noticed that lots of websites just accept the cookies to be sent in one
> single line (like sent by IE). This is with http-client just possible in
> strict mode.
> But now I have a webserver which redirects me to an URL which is not
> allowed/valid in strict mode, but at the same time it accepts just the
> cookies send in a single line. 
> 
> I saw a patch from 2003 which allowed the user to add a cookie
> request-header manually. This patch has been removed again from the new
> version? Is there now another technique for that? I don't understand why
> this 'sending of cookies in a single line' must be bound to the strict mode,
> which has apparently also other impacts.
> 
> It would be very nice if you could give me some help how to solve this
> problem. For me it's either way if I create the cookie-header myself or it's
> done by the http-client or in whatever way. It just must access this site
> and I don't know how.
> 
> Thanks for help,
> 
> Robert.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

***************************************************************************************************
The information in this email is confidential and may be legally privileged.  Access to this email by anyone other than the intended addressee is unauthorized.  If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful.  If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.
***************************************************************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org