You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2007/04/16 18:18:54 UTC
Re: [http-client] Does HttpClient support the HttpOnly cookie
attribute?
On Sun, 2007-04-15 at 09:48 -0400, Tom Muldoon wrote:
> It appears that the HttpOnly cookie attribute is not recognized by the
> CookieSpec class (in both HttpClient 3.0 and 3.1rc). i.e. the following
> message is logged ...
>
> CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
>
> This appears to be a bit of a show stopper, as the server redirects the
> subsequent request back to the Login page after a seemingly successful
> login. In looking at the cookie that is included in the subsequent
> request, the HttpOnly attribute is missing altogether.
>
> So, does HttpClient support HttpOnly cookie attribute???
>
Tom,
I am not aware of HttpOnly attribute mentioned anywhere in RFC2109 or
RFC2965. HttpClient does not support cookie attributes that are not
defined in the HTTP state management specification.
Hope this helps
Oleg
> Thanks in advance,
>
> Tom
>
> PS. Pardon me if this is a double-posting. I did post this a few days ago on the commons-user list but later realized that it was probably something that should have been posted to commons-dev. Is commons-user a subset of commons-dev?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [http-client] Does HttpClient support the HttpOnly cookie attribute?
Posted by sebb <se...@gmail.com>.
On 16/04/07, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Sun, 2007-04-15 at 09:48 -0400, Tom Muldoon wrote:
> > It appears that the HttpOnly cookie attribute is not recognized by the
> > CookieSpec class (in both HttpClient 3.0 and 3.1rc). i.e. the following
> > message is logged ...
> >
> > CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
> >
> > This appears to be a bit of a show stopper, as the server redirects the
> > subsequent request back to the Login page after a seemingly successful
> > login. In looking at the cookie that is included in the subsequent
> > request, the HttpOnly attribute is missing altogether.
> >
> > So, does HttpClient support HttpOnly cookie attribute???
> >
>
> Tom,
> I am not aware of HttpOnly attribute mentioned anywhere in RFC2109 or
> RFC2965. HttpClient does not support cookie attributes that are not
> defined in the HTTP state management specification.
>
However it appears that using CookiePolicy.BROWSER_COMPATIBILITY will
ignore the unrecognised atribute, so you could try that.
S///
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org