You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@commons.apache.org by Kedar Panse <ke...@bancbridge.com> on 2004/06/08 01:54:06 UTC
Re: [HTTPClient 3.0 alpha] Cookie handling-- with secure attrubute
I am sorry tobe bothering like this. While investingating more I found
out its not sending cookies marked secure (I guess this means send only
if its shttp/ssl). How do I overcome this?
Kedar
Kedar Panse wrote:
> Also like to add, in IE
> Connection: Keep-Alive was sent which was not case with httpclient
>
>
> Kedar
>
>
> Kedar Panse wrote:
>
>> Hi,
>>
>> I am using httpclient to talk to a server who drops a really long
>> cookie. HttpClient didn't seem to send like this cookie. Is there
>> any restriction on size of the cookie??
>>
>> This is the cookie it didn't like (hmm may be I should add some
>> chocolate chips in it :) )
>> MJSESSION=AQgWyjevqtQYktjjulZpPB/3Jo84zHrl2IVSAqVbl+CT/wAKyARWq9Xtpk1qh1yM/+NaeMQLmJMK8vc6+stiQSv2XJLg7FiiQGwiiFCY79ZjIesRyisflqdj3GzOPFlf/p+0e6K9Wp8u9ixHlS5YC/D9f8vrqSa9hIZn6Ch5aM9N6hqtFNAVJhPIgv0xfmA16fYHzETmCDRPuh57aFpjtXgKe1GzfGSsAOowkDkVhL3TqQm15ApqSiSp86D1lPEPLjyGiZZH/VHVD9XRgonQpK84r4R6pJyWSKFN2/WyNzTQ7GbEvCBrFtZdvIll7FcJ3Mh3yanPQ/7/nsUQs7FTEk4Ojx3pzvhYQAHEmRjOd53Ts0DJvlsR3lcWy1QbfeGkJcmn/ogBwWLSwjAeXigEATwyWZw0UeQpJZdYFXRZh+PpXQ15AwRjhJT3ggpsWh/7slTIP0cJrv2+Fj9GgCaKpAQPLKD1eeWw3JjbxgGJo3DckpJZqli4fPBHbgF+9ldZyQp2qyV8IBDJLwybKAFCu3OyKtGl0EEr6tZDhC65O8/P2M9a9n4/HSgMBBwTN6gT3GM2NEeFROaznMlV7q2jyfTvNmQcFCNFG4QAfOQ8jRR7KxZ0x4WC8S6qlKT5gXM+HBDxjlpIf9tyL2OyahIYQST5F54RnaOtcm04pyd1PrAoYUmpsdtF0VBsqa6j/IFn24of0yHd/Pvq56T8i7Z5TLILAckC8h49ZvGGZFVIn/LohTYA0MEgwJ2jak7tkArfpoQtg6aRmjCQMx3hi3Ax8cHUzshvpBLM54CuTwSmR9Iz0CDBPJbCKg/NKuk7M5RiqG9cpQHejYFqRy71Msx5EvQHJg9oyyUR30Z0sieqcsB67tNxVPWUI5IKLEQMmgDi29yiW/RIAj79LxODVQrFI4A7v+fCQtDfKlYdjmSJE3Cj8f/4ICc2B5W35VejnpCCGy2XSqTuClYeEXqutb4+26sJAL8oZXpKHS2PhOpM283s0etmwSleMcLeV36pL8cmH8W7rri0NZdkjm9KiWG6E2+tpEP5gnM6bxDmyezEs+Di4qrXpbVYSGithF/3Z1G5LR4RK81lUMYFRgfFFq76pw==
>>
>>
>> All other cookies were eaten gracefully.
>>
>>
>> My Cookie Policy is set to:
>> client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
>>
>> Also I tried sending it using single cookie header still didn't like it
>> method.getParams().setParameter(HttpMethodParams.SINGLE_COOKIE_HEADER,Boolean.TRUE);
>>
>>
>>
>> Is there any way I can get dump of all the request together? like
>> method.getRequestBody()??
>>
>> Thanks,
>>
>> Kedar
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>>
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HTTPClient 3.0 alpha] Cookie handling-- with secure attrubute
Posted by Kedar Panse <ke...@bancbridge.com>.
Yes it was implementing SecureProtocolSocketFactory.
Michael Becke wrote:
> Hi Kedar,
>
> Does your implementation of MySecureSocketFactory implement
> SecureProtocolSocketFactory? If not that is probably the cause of the
> problem.
>
> Mike
>
> On Jun 8, 2004, at 7:52 PM, Kedar Panse wrote:
>
>> Thanks, that removing secure setting worked. It wasn't sending
>> secure cookies even for https, I think may be as I registered https
>> protocol for https using custom Secure Socket factory, it wasn't
>> sending the secure cookie.
>> I was using --> Protocol.registerProtocol("https", new
>> Protocol("https", new MySecureSocketFactory(), 443)); ? Anyways seems
>> to work now
>>
>> Kedar
>>
>> Michael Becke wrote:
>>
>>> On Jun 7, 2004, at 7:54 PM, Kedar Panse wrote:
>>>
>>>> I am sorry tobe bothering like this. While investingating more I
>>>> found out its not sending cookies marked secure (I guess this means
>>>> send only if its shttp/ssl). How do I overcome this?
>>>
>>>
>>>
>>> Yes, this could definitely be the source of the problem. HttpClient
>>> will only send secure cookies over secure (https) connections.
>>>
>>> The only way to override this behavior would be to manually edit the
>>> secure cookies to remove the secure setting, or to implement a
>>> custom version of CookieSpec with a lax version of match(). Doing
>>> this would not be recommended as it would defeat the whole purpose
>>> of having secure cookies.
>>>
>>> Mike
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>>>
>>>
>>>
>>> .
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HTTPClient 3.0 alpha] Cookie handling-- with secure attrubute
Posted by Michael Becke <be...@u.washington.edu>.
Hi Kedar,
Does your implementation of MySecureSocketFactory implement
SecureProtocolSocketFactory? If not that is probably the cause of the
problem.
Mike
On Jun 8, 2004, at 7:52 PM, Kedar Panse wrote:
> Thanks, that removing secure setting worked. It wasn't sending secure
> cookies even for https, I think may be as I registered https protocol
> for https using custom Secure Socket factory, it wasn't sending the
> secure cookie.
> I was using --> Protocol.registerProtocol("https", new
> Protocol("https", new MySecureSocketFactory(), 443)); ? Anyways seems
> to work now
>
> Kedar
>
> Michael Becke wrote:
>
>> On Jun 7, 2004, at 7:54 PM, Kedar Panse wrote:
>>
>>> I am sorry tobe bothering like this. While investingating more I
>>> found out its not sending cookies marked secure (I guess this means
>>> send only if its shttp/ssl). How do I overcome this?
>>
>>
>> Yes, this could definitely be the source of the problem. HttpClient
>> will only send secure cookies over secure (https) connections.
>>
>> The only way to override this behavior would be to manually edit the
>> secure cookies to remove the secure setting, or to implement a custom
>> version of CookieSpec with a lax version of match(). Doing this
>> would not be recommended as it would defeat the whole purpose of
>> having secure cookies.
>>
>> Mike
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>>
>>
>>
>> .
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HTTPClient 3.0 alpha] Cookie handling-- with secure attrubute
Posted by Kedar Panse <ke...@bancbridge.com>.
Thanks, that removing secure setting worked. It wasn't sending secure
cookies even for https, I think may be as I registered https protocol
for https using custom Secure Socket factory, it wasn't sending the
secure cookie.
I was using --> Protocol.registerProtocol("https", new
Protocol("https", new MySecureSocketFactory(), 443)); ? Anyways seems to
work now
Kedar
Michael Becke wrote:
> On Jun 7, 2004, at 7:54 PM, Kedar Panse wrote:
>
>> I am sorry tobe bothering like this. While investingating more I
>> found out its not sending cookies marked secure (I guess this means
>> send only if its shttp/ssl). How do I overcome this?
>
>
> Yes, this could definitely be the source of the problem. HttpClient
> will only send secure cookies over secure (https) connections.
>
> The only way to override this behavior would be to manually edit the
> secure cookies to remove the secure setting, or to implement a custom
> version of CookieSpec with a lax version of match(). Doing this would
> not be recommended as it would defeat the whole purpose of having
> secure cookies.
>
> Mike
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
>
>
> .
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [HTTPClient 3.0 alpha] Cookie handling-- with secure attrubute
Posted by Michael Becke <be...@u.washington.edu>.
On Jun 7, 2004, at 7:54 PM, Kedar Panse wrote:
> I am sorry tobe bothering like this. While investingating more I
> found out its not sending cookies marked secure (I guess this means
> send only if its shttp/ssl). How do I overcome this?
Yes, this could definitely be the source of the problem. HttpClient
will only send secure cookies over secure (https) connections.
The only way to override this behavior would be to manually edit the
secure cookies to remove the secure setting, or to implement a custom
version of CookieSpec with a lax version of match(). Doing this would
not be recommended as it would defeat the whole purpose of having
secure cookies.
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org