You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Richard Achmatowicz <ri...@googlemail.com> on 2009/11/05 01:40:31 UTC
Cookie domains, IPv4 and IPv6
Hello all
I have a HttpClient v3 client interacting with a Tomcat server. Here is a
partial trace from the log:
DEBUG [main] (?:?) - Open connection to 192.168.0.100:8080
DEBUG [main] (?:?) - >> "GET /setattribute.jsp HTTP/1.1[\r][\n]"
DEBUG [main] (?:?) - Adding Host request header
DEBUG [main] (?:?) - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]"
DEBUG [main] (?:?) - >> "[\r][\n]"
DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]"
DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**;
Path=/[\r][\n]"
DEBUG [main] (?:?) - << "Content-Type: text/html;charset=ISO-8859-1[\r][\n]"
DEBUG [main] (?:?) - << "Content-Length: 167[\r][\n]"
DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]"
DEBUG [main] (?:?) - << "[\r][\n]"
DEBUG [main] (?:?) - Cookie accepted: "$Version=0;
JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/"
Response status code: 200
Present cookies:
Cookies:
- JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**
Domain:192.168.0.100
Path:/
Date:null
DEBUG [main] (?:?) - << "<html>[\n]"
DEBUG [main] (?:?) - << "<body>[\n]"
DEBUG [main] (?:?) - << "<p>Storing session id in attribute with id:
61Okk1z7KRtSdEM+3Msb4A**[\n]"
DEBUG [main] (?:?) - << "</body>[\n]"
DEBUG [main] (?:?) - << "</html>[\n]"
DEBUG [main] (?:?) - Resorting to protocol version default close connection
policy
DEBUG [main] (?:?) - Should NOT close connection, using HTTP/1.1
DEBUG [main] (?:?) - Releasing connection back to connection manager.
DEBUG [main] (?:?) - >> "GET /getattribute.jsp HTTP/1.1[\r][\n]"
DEBUG [main] (?:?) - Adding Host request header
DEBUG [main] (?:?) - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]"
DEBUG [main] (?:?) - >> "Cookie: $Version=0;
JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]"
DEBUG [main] (?:?) - >> "[\r][\n]"
DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]"
DEBUG [main] (?:?) - << "X-Powered-By
DEBUG [main] (?:?) - << "Content-Type: text/html;charset=ISO-8859-1[\r][\n]"
DEBUG [main] (?:?) - << "Content-Length: 122[\r][\n]"
DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]"
DEBUG [main] (?:?) - << "[\r][\n]"
Response status code: 200
Present cookies:
Cookies:
- JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**
Domain:192.168.0.100
Path:/
Date:null
DEBUG [main] (?:?) - << "<p>Retrieve the session id from attribute:[\n]"
DEBUG [main] (?:?) - << "61Okk1z7KRtSdEM+3Msb4A**</p>"
As you can see, a cookie is exchanged between the server and the client, and
then the client sends the cooke back to the server when it calls
getattribute.jsp to retrieve the attribute value set earlier.
Here is my understanding:
(i) in the first interaction, the server does not assign a domain to the
cookie in its Set-Cookie header
DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**;
Path=/[\r][\n]"
(ii) in the first interaction, HttpClient receives the Set-Cookie header,
finds with no domain, and so assings the domain to be the hostname of the
server (taken from the URL)
Present cookies:
Cookies:
- JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**
Domain:192.168.0.100
Path:/
Date:null
(iii) in the second interaction, the client looks for cookies with the same
domain as the hostname in the URL and finds a match and so sends the cookie
along with the request
DEBUG [main] (?:?) - >> "Cookie: $Version=0;
JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]"
So it seems to me that, in the absence of hostnames bsing used in URLs,
HttpClient can handle IP literal names and use them as domain names,
setting, matching, etc.
I need to do exactly the same thing with IPv6 literal addresses. However,
when I run the same program with IPv6 addreesses, cookies are thrown out.
For example:
2009-10-21 16:30:56,002 WARN [org.apache.commons.httpclient.HttpMethodBase]
Cookie rejected: "$Version=0; JSESSIONID=AQYACiGZiyqiFpeNHDA1Ug**; $Path=/".
Illegal domain attribute "[fec0". Domain of origin: "[fec0:0:a16:ffff::11]"
My question: is it possible *in any way* to use IPv6 literals as domain
names as was done above for IPv4 (e.g. by using a less stringent cooking
management policy)? It's rather natural to want to use IPv6 literals in
URLs....
Or is it always required to use domain names (e.g fully qualified host
names) when working with HttpClient and IPv6 addresses?
Does the same situation exist with HttpClient v4?
Thanks for your help !
Richard
Re: Cookie domains, IPv4 and IPv6
Posted by Richard Achmatowicz <ri...@googlemail.com>.
Answering my own question:
I applied the fix mentioned in
https://issues.apache.org/jira/browse/HTTPCLIENT-654 to httpclient version 3
and it now treats IPv6 address literals just as IPv6 literals are handled
below.
On Wed, Nov 4, 2009 at 7:40 PM, Richard Achmatowicz <
richard.achmatowicz@googlemail.com> wrote:
> Hello all
>
> I have a HttpClient v3 client interacting with a Tomcat server. Here is a
> partial trace from the log:
>
> DEBUG [main] (?:?) - Open connection to 192.168.0.100:8080
> DEBUG [main] (?:?) - >> "GET /setattribute.jsp HTTP/1.1[\r][\n]"
> DEBUG [main] (?:?) - Adding Host request header
> DEBUG [main] (?:?) - >> "User-Agent: Jakarta
> Commons-HttpClient/3.1[\r][\n]"
> DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]"
> DEBUG [main] (?:?) - >> "[\r][\n]"
> DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
> DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
> DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]"
> DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**;
> Path=/[\r][\n]"
> DEBUG [main] (?:?) - << "Content-Type:
> text/html;charset=ISO-8859-1[\r][\n]"
> DEBUG [main] (?:?) - << "Content-Length: 167[\r][\n]"
> DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]"
> DEBUG [main] (?:?) - << "[\r][\n]"
> DEBUG [main] (?:?) - Cookie accepted: "$Version=0;
> JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/"
> Response status code: 200
> Present cookies:
> Cookies:
> - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**
> Domain:192.168.0.100
> Path:/
> Date:null
> DEBUG [main] (?:?) - << "<html>[\n]"
> DEBUG [main] (?:?) - << "<body>[\n]"
> DEBUG [main] (?:?) - << "<p>Storing session id in attribute with id:
> 61Okk1z7KRtSdEM+3Msb4A**[\n]"
> DEBUG [main] (?:?) - << "</body>[\n]"
> DEBUG [main] (?:?) - << "</html>[\n]"
> DEBUG [main] (?:?) - Resorting to protocol version default close connection
> policy
> DEBUG [main] (?:?) - Should NOT close connection, using HTTP/1.1
> DEBUG [main] (?:?) - Releasing connection back to connection manager.
> DEBUG [main] (?:?) - >> "GET /getattribute.jsp HTTP/1.1[\r][\n]"
> DEBUG [main] (?:?) - Adding Host request header
> DEBUG [main] (?:?) - >> "User-Agent: Jakarta
> Commons-HttpClient/3.1[\r][\n]"
> DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]"
> DEBUG [main] (?:?) - >> "Cookie: $Version=0;
> JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]"
> DEBUG [main] (?:?) - >> "[\r][\n]"
> DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
> DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]"
> DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]"
> DEBUG [main] (?:?) - << "X-Powered-By
> DEBUG [main] (?:?) - << "Content-Type:
> text/html;charset=ISO-8859-1[\r][\n]"
> DEBUG [main] (?:?) - << "Content-Length: 122[\r][\n]"
> DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]"
> DEBUG [main] (?:?) - << "[\r][\n]"
> Response status code: 200
> Present cookies:
> Cookies:
> - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**
> Domain:192.168.0.100
> Path:/
> Date:null
> DEBUG [main] (?:?) - << "<p>Retrieve the session id from attribute:[\n]"
> DEBUG [main] (?:?) - << "61Okk1z7KRtSdEM+3Msb4A**</p>"
>
> As you can see, a cookie is exchanged between the server and the client,
> and then the client sends the cooke back to the server when it calls
> getattribute.jsp to retrieve the attribute value set earlier.
>
> Here is my understanding:
> (i) in the first interaction, the server does not assign a domain to the
> cookie in its Set-Cookie header
>
> DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**;
> Path=/[\r][\n]"
>
> (ii) in the first interaction, HttpClient receives the Set-Cookie header,
> finds with no domain, and so assings the domain to be the hostname of the
> server (taken from the URL)
>
> Present cookies:
> Cookies:
> - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**
> Domain:192.168.0.100
> Path:/
> Date:null
>
> (iii) in the second interaction, the client looks for cookies with the same
> domain as the hostname in the URL and finds a match and so sends the cookie
> along with the request
>
> DEBUG [main] (?:?) - >> "Cookie: $Version=0;
> JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]"
>
> So it seems to me that, in the absence of hostnames bsing used in URLs,
> HttpClient can handle IP literal names and use them as domain names,
> setting, matching, etc.
>
> I need to do exactly the same thing with IPv6 literal addresses. However,
> when I run the same program with IPv6 addreesses, cookies are thrown out.
> For example:
>
> 2009-10-21 16:30:56,002 WARN [org.apache.commons.httpclient.HttpMethodBase]
> Cookie rejected: "$Version=0; JSESSIONID=AQYACiGZiyqiFpeNHDA1Ug**; $Path=/".
> Illegal domain attribute "[fec0". Domain of origin: "[fec0:0:a16:ffff::11]"
>
> My question: is it possible *in any way* to use IPv6 literals as domain
> names as was done above for IPv4 (e.g. by using a less stringent cooking
> management policy)? It's rather natural to want to use IPv6 literals in
> URLs....
>
> Or is it always required to use domain names (e.g fully qualified host
> names) when working with HttpClient and IPv6 addresses?
>
> Does the same situation exist with HttpClient v4?
>
> Thanks for your help !
>
> Richard
>
>