You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2005/11/14 21:17:34 UTC
Re: [HttpClient] 2.0.2 - Bug in cookies handling in COMPATIBILITY
mode ?
On Sun, 2005-11-13 at 07:36 +0100, RODRIGUEZ Christophe wrote:
> Hello all,
>
> On a web site which i used httpclient on, this one was on able to
> authenticate because the authentication was cookie based, even in
> COMPATIBILITY mode ( given throw jvm parameters ) so i decided to check the
> code.
>
> domain of the cookie was : domain.com ( the first "dot" is missing, so it
> does not complies to RFC2109...)
> hot was : www.domain.com
>
> The cookie is well parsed and validated, this is not the problem.
> But it will be never send back in the response, because of the following
> domainMatch function which check if the cookie is RFC2109 compliant, even if
> i specified a COMPATIBILITY mode.
>
> ( in
> /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java,v
> 1.16.2.3 )
> /**
> * Performs a domain-match as described in RFC2109.
> * @param host The host to check.
> * @param domain The domain.
> * @return true if the specified host matches the given domain.
> */
> private static boolean domainMatch(String host, String domain) {
> boolean match = host.equals(domain)
> || ( domain.startsWith(".") && host.endsWith(domain));
>
> return match;
> }
>
> I don't really know if it is a bug... please let me know if I'm wrong.
>
Christophe,
I believe this bug has been fixed in HttpClient 3.0. Could you please
test your code against HttpClient 3.0rc4 and file a bug report in
Bugzilla if the problem still persists?
Oleg
> Christophe.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org