Posted to dev@hc.apache.org by "Stefan Friedrich (JIRA)" <ji...@apache.org> on 2016/04/06 18:53:25 UTC

[jira] [Created] (HTTPCLIENT-1735) Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore

Stefan Friedrich created HTTPCLIENT-1735:
--------------------------------------------

             Summary: Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
                 Key: HTTPCLIENT-1735
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1735
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.4.1
         Environment: Client using apache-camel http4 version 2.13.1 running requests against server using spring-boot.
            Reporter: Stefan Friedrich


We are executing REST requests against a digest protected endpoint. The server uses session cookies to ensure stickiness.

During the digest roundtrip the first Set-Cookie header is ignored - thus forcing the server to create another session cookie that is then returned in the HTTP 200 response.

Roundtrip:
# Request is made (without cookie)
# Server responds with HTTP 401 and digest authentication challenge (including set-cookie header)
# Request is done again with authentication header (but still without cookie - this is the bug)
# Response is received with HTTP 200

Subsequent requests with the same HTTPClient instance contain the cookie received during the HTTP 200 response.

This was working fine in version 4.1.1.

It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible for processing the request and response interceptors (including the RequestAddCookies and ResponseProcessCookies Interceptors). Unfortunately the 401 processing and re-requesting is done in the nested requestExecutor (MainClientExec) - and this one only adds the authentication header and disregards any Set-Cookie headers received in the 401 response.


