Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2016/04/07 10:35:25 UTC

[jira] [Resolved] (HTTPCLIENT-1735) Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1735.
-------------------------------------------
    Resolution: Duplicate

> Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore
> -------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1735
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1735
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.4.1
>         Environment: Client using apache-camel http4 version 2.13.1 running requests against server using spring-boot.
>            Reporter: Stefan Friedrich
>
> We are executing REST requests against a digest protected endpoint. The server uses session cookies to ensure stickiness.
> During the digest roundtrip the first set-cookie header is ignored - thus forcing the server to create another session cookie that is then returned in the http 200 response.
> Roundtrip:
> # Request is made (without cookie)
> # Server responds with HTTP 401 and digest authentication challenge (including set-cookie header)
> # Request is done again with authentication header (but still without cookie - this is the bug)
> # Response is received with HTTP 200
> Subsequent requests with the same HTTPClient instance contain the cookie received during the HTTP 200 response.
> This was working fine in version 4.1.1.
> It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible for processing the request and response interceptors (including the RequestAddCookies and ResponseProcessCookies Interceptors). Unfortunately the 401 processing and re-requesting is done in the nested requestExecutor (MainClientExec) - and this one only adds the authentication header and disregards any Set-Cookie headers received in the 401 response.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
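
The roundtrip described in the report can be checked against a given HttpClient build with a local stub server. This is an added example, not code from the issue or the project; it assumes the 4.3+ builder API (`HttpClients.custom()`), and the class name, credentials, nonce and cookie values are constructed. The stub accepts any `Authorization` header without validating the digest.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class DigestCookieCheck { // hypothetical name
    public static void main(String[] args) throws Exception {
        AtomicInteger sessions = new AtomicInteger();                  // sessions the stub had to create
        AtomicReference<String> retryCookie = new AtomicReference<>(); // Cookie header seen on the retry
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            if (cookie == null) { // no session presented: issue a new one, as a sticky backend would
                ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=s" + sessions.incrementAndGet() + "; Path=/");
            }
            if (ex.getRequestHeaders().containsKey("Authorization")) {
                retryCookie.set(cookie); // step 3 of the roundtrip: the authenticated retry
                ex.sendResponseHeaders(200, -1);
            } else { // steps 1-2: challenge the unauthenticated request (constructed nonce)
                ex.getResponseHeaders().add("WWW-Authenticate",
                        "Digest realm=\"demo\", qop=\"auth\", nonce=\"constructed-nonce\"");
                ex.sendResponseHeaders(401, -1);
            }
            ex.close();
        });
        server.start();
        BasicCredentialsProvider creds = new BasicCredentialsProvider();
        creds.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("demo-user", "constructed-password"));
        BasicCookieStore store = new BasicCookieStore();
        String url = "http://127.0.0.1:" + server.getAddress().getPort() + "/";
        try (CloseableHttpClient client = HttpClients.custom()
                .setDefaultCredentialsProvider(creds).setDefaultCookieStore(store).build();
             CloseableHttpResponse resp = client.execute(new HttpGet(url))) {
            EntityUtils.consume(resp.getEntity());
        } finally {
            server.stop(0);
        }
        System.out.println("cookie sent with Authorization: " + retryCookie.get());
        System.out.println("sessions created by server: " + sessions.get());
        System.out.println("cookies in store: " + store.getCookies());
    }
}
```

A client with the reported behaviour sends no cookie on the authenticated retry, so the stub creates two sessions; a client that stores the cookie from the 401 sends `JSESSIONID=s1` and the stub creates one.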