You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Monkey Mike <mi...@hotmail.com> on 2006/04/17 22:59:17 UTC
HttpClient Cookie confusion
Mr. Oleg Kalnichevski and others...
Hi! My name is Mike Uehara-Bingen, I am one of the head programmers at
Yowza Software, and I am new to this mailing list. We have been working on
a new application for a little over a year now, and I've recently started
using HttpClient for one of our very important sub-projects.
I started by doing this sub-project in Perl's LWP, and everything was
working great. After considering some security issues, however, we've
decided that this sub-project should be kept in Java (most of the rest of
the project is written in Java), and so I started translating my Perl code
into Java code. Basically, since Java will eventually handle all the data
that is retrieved from servers, and since this data is a security risk, we
want the data to go directly into the JVM...and if we use Perl to retrieve
the data then the data would either have to be written to disk or to STDOUT
in order to pass it to Java.
Let me take a moment to say thanks for you and your colleagues' work on
HttpClient. It is fast, easy to use, and very useful.
Of course, admittedly, I wouldn't be writing you if I wasn't having a
problem! One thing that has been making things difficult is HttpClient's
requirement that cookies follow the various standards. My client will be
interacting with lots of different servers that do not follow these cookie
standards, and so I really wish I could set the Cookie Policy as lenient as
possible.
To my knowledge, the following Cookie Policies are available...
CookiePolicy.BROWSER_COMPATIBILITY
CookiePolicy.NETSCAPE
CookiePolicy.RFC_2109
CookiePolicy.DEFAULT
CookiePolicy.IGNORE_COOKIES
I've also tried...
hclClient.getParams().setCookiePolicy( null );
( ...where "hclClient" is the instance of HttpClient )
In all of these cases, I still get "Cookie Rejected" warnings for various
reasons. I realize that the servers are breaking the rules, but I don't
have control over these servers and so I have to be able to handle whatever
they throw at me.
It was interesting to see that HttpClient imposes these restrictions on the
Cookie handling, as Perl's LWP does not. I've had to set a few of my own
cookies here and there in both LWP and HttpClient because they are cookies
that are normally set via javascript, but never have I had to consider
whether or not cookies are following standards.
So is there a way to turn off these restrictions? Or is there something
else that I might be doing wrong?
Any help that you could provide would be much appreciated.
Thanks! :)
-Mike Uehara-Bingen
Yowza Software
mike@yowzasoftware.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
Re: HttpClient Cookie confusion
Posted by Ortwin Glück <od...@odi.ch>.
Monkey Mike wrote:
> In all of these cases, I still get "Cookie Rejected" warnings for
> various reasons.
The question is WHY those cookies are rejected. Please post relevant log
excerpts.
> I realize that the servers are breaking the rules, but
> I don't have control over these servers and so I have to be able to
> handle whatever they throw at me.
It it not only about WHAT to handle but HOW to handle them. Without
knowing the standard a cookie conforms to the way to parse it may be
ambiguous.
> So is there a way to turn off these restrictions?
By providing a custom cookie policy you can do whatever you want.
> Or is there something
> else that I might be doing wrong?
We'll see from the logs.
Ortwin
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
Re: HttpClient Cookie confusion
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2006-04-17 at 13:59 -0700, Monkey Mike wrote:
> In all of these cases, I still get "Cookie Rejected" warnings for various
> reasons. I realize that the servers are breaking the rules, but I don't
> have control over these servers and so I have to be able to handle whatever
> they throw at me.
>
Mike,
The browser compatibility policy should be lenient enough to accept all
malformed cookies accepted by so called popular browsers (IE, Mozilla
derivatives, etc). However, if you are absolutely sure your application
must accept just about anything that claims to be a cookie consider
extending the CookieSpecBase class and overriding the relevant methods.
Hope this helps
Oleg
> It was interesting to see that HttpClient imposes these restrictions on the
> Cookie handling, as Perl's LWP does not. I've had to set a few of my own
> cookies here and there in both LWP and HttpClient because they are cookies
> that are normally set via javascript, but never have I had to consider
> whether or not cookies are following standards.
>
> So is there a way to turn off these restrictions? Or is there something
> else that I might be doing wrong?
>
> Any help that you could provide would be much appreciated.
>
> Thanks! :)
>
> -Mike Uehara-Bingen
> Yowza Software
> mike@yowzasoftware.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org