You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Randy Paries <ra...@unitnet.com> on 2005/02/15 22:22:57 UTC
Can someone please explain what these errors mean?
Hello,
I am using httpClient to login into a site and then grab some data from a
report
After I post the login info, I get a 302 and I redirect to that page.
When I go to the redirected URL I get these error messages. Can someone
explain what they mean?
Thanks
Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
processResponseHeaders
WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
processResponseHeaders
WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14". Illegal
path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
processResponseHeaders
WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14". Illegal
path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Kenneth Wilcox <kw...@cox.net>.
After looking at the code, I don't think setting the cookie policy to
compatibility will help. Realitea probably injects the cookie with the path
that matches your first URL before the redirect. After the redirect is
executed, you must still be carrying the original cookie with the old URL
which does not match your new path.
Try taking Realitea out of the mix and see if the problem goes away. If it
does go away then you know it is a result of the cookie injector. Then you
will need to take a closer look at your cookies and maybe resolve some
issues with the cookie injector and the redirection. Why not just use
httpclient to go directly after the URL you are redirected to?
The code in CookieSpecBase checks for a match between the cookie path and
the path. If they do not match then you get the message you indicated
earlier.
Taken from CookieSpecBase (in version 2.0.2)
// another security check... we musn't allow the server to give us a
// cookie that doesn't match this path
Realitea is a tool that tracks users sessions by injecting a cookie when
they first come in to a web site. Then for the entire time the browser is
open they dump all the packets going to and from that browser into a
database which is used to replay the users experience at a later time. It
can replay everything, all the clicks and form information entered. It is a
good tool to debug what users see on the glass.
Since you are using the httpclient from a program, don't bother with the
redirect, go right after the URL that are being forwarded to.
Hope that helped
Ken
Try using your
> -----Original Message-----
> From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
> Sent: Tuesday, February 15, 2005 7:58 PM
> To: 'HttpClient User Discussion'
> Subject: RE: Can someone please explain what these errors mean?
>
> Well,
>
> I can say that the TLTSID looks like a cookie that gets injected into the
> HTTP headers by a product called Realitea from Tea Leaf Technologies.
> Does
> your company use that product?
>
> Sounds like you want to explicitly set your cookie policy to Compatibility
> and see if that helps.
>
> Good luck.
>
> Ken
>
> > -----Original Message-----
> > From: Randy Paries [mailto:randy.paries@unitnet.com]
> > Sent: Tuesday, February 15, 2005 4:23 PM
> > To: 'HttpClient User Discussion'
> > Subject: Can someone please explain what these errors mean?
> >
> > Hello,
> >
> > I am using httpClient to login into a site and then grab some data from
> a
> > report
> >
> > After I post the login info, I get a 302 and I redirect to that page.
> >
> > When I go to the redirected URL I get these error messages. Can someone
> > explain what they mean?
> >
> > Thanks
> >
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> > Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> > Illegal
> > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> > Illegal
> > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: Can someone please explain what these errors mean?
Posted by Gamas Sugiarto <ga...@evite.com>.
Hi Randy,
I have similar problem when I tried to access Hotmail website. Hotmail
website set MalformedCookie.
What I did to solve the problem is to use HttpClient 3.0 APIs and create
your own cookie spec class extending from
org.apache.commons.httpclient.cookie.CookieSpecBase
Of course in your own custom cookie spec you need to set a more lenient
validation logic.
Hope this help.
Gamas Sugiarto
Oleg Kalnichevski wrote:
>Randy
>
>The path attribute of the cookie in question violates all imaginable
>cookie specs.
>
>Set-Cookie: TLTHID=8F72EB484561F88A535635A72C8A4536;
>Domain=.marykay.ca;path=/
>
>The cookie set from "Canada/LoginRefresh.asp" must have its path
>starting with "Canada/". Does this cookie gets accepted by IE or Mozilla
>Firefox?
>
>Consider upgrading to HttpClient 3.0 as it supports pluggable custom
>cookie specs. You can subclass the browser compatibility spec and make
>it accept cookies with any path attribute.
>
>http://jakarta.apache.org/commons/httpclient/3.0/cookies.html
>http://jakarta.apache.org/commons/httpclient/3.0/preference-api.html
>
>Oleg
>
>
>On Wed, 2005-02-16 at 16:09 -0600, Randy Paries wrote:
>
>
>>Thanks for you help
>>
>>I hope this helps
>>
>>
>>2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java version: 1.4.2_04
>>2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java vendor: Sun
>>Microsystems Inc.
>>2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java class path:
>>C:\j2sdk1.4.2_04\jre\lib\charsets.jar;C:\j2sdk1.4.2_04\jre\lib\jce.jar;C:\j2
>>sdk1.4.2_04\jre\lib\jsse.jar;C:\j2sdk1.4.2_04\jre\lib\plugin.jar;C:\j2sdk1.4
>>.2_04\jre\lib\rt.jar;C:\j2sdk1.4.2_04\jre\lib\sunrsasign.jar;C:\j2sdk1.4.2_0
>>4\jre\lib\ext\dnsns.jar;C:\j2sdk1.4.2_04\jre\lib\ext\ldapsec.jar;C:\j2sdk1.4
>>.2_04\jre\lib\ext\localedata.jar;C:\j2sdk1.4.2_04\jre\lib\ext\sunjce_provide
>>r.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\classes;C:\Program
>>Files\Apache Software Foundation\Tomcat 5.0\bin\bootstrap.jar;C:\Program
>>Files\Apache Software Foundation\Tomcat
>>5.0\common\lib\commons-collections.jar;C:\Program Files\Apache Software
>>Foundation\Tomcat 5.0\common\lib\naming-factory.jar;C:\Program Files\Apache
>>Software Foundation\Tomcat 5.0\common\lib\jsp-api.jar;C:\Program
>>Files\Apache Software Foundation\Tomcat
>>5.0\common\lib\servlet-api.jar;C:\Program Files\Apache Software
>>Foundation\Tomcat 5.0\common\lib\ant.jar;C:\Program Files\Apache Software
>>Foundation\Tomcat 5.0\common\lib\jasper-compiler.jar;C:\Program Files\Apache
>>Software Foundation\Tomcat 5.0\common\lib\naming-resources.jar;C:\Program
>>Files\Apache Software Foundation\Tomcat
>>5.0\common\lib\naming-common.jar;C:\Program Files\Apache Software
>>Foundation\Tomcat 5.0\common\lib\commons-dbcp-1.1.jar;C:\Program
>>Files\Apache Software Foundation\Tomcat
>>5.0\common\lib\commons-pool-1.1.jar;C:\Program Files\Apache Software
>>Foundation\Tomcat 5.0\common\lib\naming-java.jar;C:\Program Files\Apache
>>Software Foundation\Tomcat 5.0\common\lib\jasper-runtime.jar;C:\Program
>>Files\Apache Software Foundation\Tomcat
>>5.0\common\lib\commons-el.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\a
>>ctivation.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\pop3.jar;C:\UnitN
>>et\UnitNetServlet\webapp\WEB-INF\lib\mail.jar;C:\UnitNet\UnitNetServlet\weba
>>pp\WEB-INF\lib\ActivSpell2.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\
>>imap.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\mailapi.jar;C:\UnitNet
>>\UnitNetServlet\webapp\WEB-INF\lib\jspellcheck.jar;C:\UnitNet\UnitNetServlet
>>\webapp\WEB-INF\lib\activspell.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\
>>lib\jspsmartupload.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\smtp.jar
>>;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\activscan.jar;C:\UnitNet\UnitN
>>etServlet\webapp\WEB-INF\lib\mysql-connector-java-3.0.14-production-bin.jar;
>>C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\acme.jar;C:\UnitNet\UnitNetServ
>>let\src\libcurl\eclipse\plugins\org.curl_1.0.0\libcurl.jar;C:\UnitNet\UnitNe
>>tServlet\htmlparser1_5\lib\htmlparser.jar;C:\UnitNet\UnitNetServlet\commons-
>>httpclient-2.0.2\commons-httpclient-2.0.2.jar;C:\IntelliJ-IDEA-4.0.3\lib\ide
>>a_rt.jar
>>2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system name:
>>Windows XP
>>2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
>>architecture: x86
>>2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system version:
>>5.1
>>2005/02/16 16:02:36:983 CST [DEBUG] HttpClient - -SUN 1.42: SUN (DSA
>>key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
>>X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
>>CertPathBuilder; LDAP, Collection CertStores)
>>2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE
>>provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories,
>>SSLv3, TLSv1)
>>2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's
>>provider for RSA signatures
>>2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJCE 1.42: SunJCE
>>Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman,
>>HMAC-MD5, HMAC-SHA1)
>>2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos
>>v5)
>>2005/02/16 16:02:43:593 CST [DEBUG] HttpConnection -
>>-HttpConnection.setSoTimeout(0)
>>2005/02/16 16:02:43:593 CST [DEBUG] HttpMethodBase - -Execute loop try 1
>>2005/02/16 16:02:43:593 CST [DEBUG] header - ->> "GET
>>/Login.asp?PageID=1447&Directory=mkbiz/Canada/LoginRefresh.asp?PageID=1447&D
>>irectory=mkbiz HTTP/1.1[\r][\n]"
>>2005/02/16 16:02:43:608 CST [DEBUG] HttpMethodBase - -Adding Host request
>>header
>>2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "User-Agent: Mozilla/4.0
>>(compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
>>2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "Host:
>>www.marykay.ca[\r][\n]"
>>2005/02/16 16:02:44:062 CST [DEBUG] header - ->> "[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "HTTP/1.1 200 OK[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Server:
>>Microsoft-IIS/5.0[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
>>22:02:44 GMT[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "X-Powered-By:
>>ASP.NET[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Length:
>>5099[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Type:
>>text/html[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb 2005
>>22:02:44 GMT[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
>>ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D; expires=Fri,
>>18-Mar-2005 22:02:44 GMT; path=/[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: GUID=;
>>path=/[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: LanguageID=1;
>>path=/[\r][\n]"
>>2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
>>LanguageDefaulted=True; path=/[\r][\n]"
>>2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
>>ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ; path=/[\r][\n]"
>>2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Cache-control:
>>private[\r][\n]"
>>2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0; Domain=.marykay.ca[\r];
>>path=/[\r][\n]"
>>2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTHID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r];
>>path=/[\r][\n]"
>>2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTUID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r]; path=/;
>>expires=Wed, 16-02-2015 22:02:44 GMT[\r][\n]"
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D"
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"GUID="
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"LanguageID=1"
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"LanguageDefaulted=True"
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ"
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0"
>>2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"TLTHID=6BC2644642F5132C7BE4178ECB8F15EA"
>>2005/02/16 16:02:44:437 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"TLTUID=6BC2644642F5132C7BE4178ECB8F15EA"
>>2005/02/16 16:02:46:530 CST [DEBUG] HttpMethodBase - -Buffering response
>>body
>>2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Resorting to protocol
>>version default close connection policy
>>2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Should NOT close
>>connection, using HTTP/1.1.
>>2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Default charset used:
>>ISO-8859-1
>>-----------------
>>-----------------
>>2005/02/16 16:02:53:890 CST [DEBUG] HttpConnection -
>>-HttpConnection.setSoTimeout(0)
>>2005/02/16 16:02:53:890 CST [DEBUG] HttpMethodBase - -Execute loop try 1
>>2005/02/16 16:02:53:890 CST [DEBUG] header - ->> "POST
>>/Login.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
>>2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Adding Host request
>>header
>>2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Default charset used:
>>ISO-8859-1
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "User-Agent: Mozilla/4.0
>>(compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Host:
>>www.marykay.ca[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
>>ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie: GUID=[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
>>LanguageID=1[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
>>LanguageDefaulted=True[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
>>ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ[\r][\n]"
>>2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
>>TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0[\r][\n]"
>>2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
>>TLTHID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
>>2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
>>TLTUID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
>>2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Length:
>>98[\r][\n]"
>>2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Type:
>>application/x-www-form-urlencoded[\r][\n]"
>>2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "[\r][\n]"
>>2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Using buffered
>>request body
>>2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Request body
>>sent
>>2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "HTTP/1.1 100
>>Continue[\r][\n]"
>>2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Server:
>>Microsoft-IIS/5.0[\r][\n]"
>>2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
>>22:02:54 GMT[\r][\n]"
>>2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "X-Powered-By:
>>ASP.NET[\r][\n]"
>>2005/02/16 16:02:54:030 CST [INFO] HttpMethodBase - -Discarding unexpected
>>response: HTTP/1.1 100 Continue
>>2005/02/16 16:02:55:483 CST [DEBUG] header - -<< "HTTP/1.1 302 Object
>>moved[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Server:
>>Microsoft-IIS/5.0[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
>>22:02:54 GMT[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "X-Powered-By:
>>ASP.NET[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Location:
>>Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Length:
>>121[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Type:
>>text/html[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb 2005
>>05:22:54 GMT[\r][\n]"
>>2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Set-Cookie:
>>SubsidiaryCode=CA; path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>ContactID=21970231; path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D; path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie: LanguageID=1;
>>domain=.marykay.ca; path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>LanguageDefaulted=True; path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>CustomerNumber=xxxxx; domain=.marykay.ca; path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Cache-control:
>>private[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTSID=D9D92A57456F0181E5053FAE47A58E05z0; Domain=.marykay.ca[\r];
>>path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTHID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r];
>>path=/[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTUID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r]; path=/;
>>expires=Wed, 16-02-2015 22:02:54 GMT[\r][\n]"
>>2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"SubsidiaryCode=CA"
>>2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"ContactID=21970231"
>>2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D"
>>2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"LanguageID=1"
>>2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"LanguageDefaulted=True"
>>2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"CustomerNumber=xxxxx"
>>2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"TLTSID=D9D92A57456F0181E5053FAE47A58E05z0"
>>2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"TLTHID=D9D92A57456F0181E5053FAE47A58E05"
>>2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
>>"TLTUID=D9D92A57456F0181E5053FAE47A58E05"
>>2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Redirect required
>>2005/02/16 16:02:55:530 CST [INFO] HttpMethodBase - -Redirect requested but
>>followRedirects is disabled
>>Login form post: HTTP/1.1 302 Object moved
>>2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Buffering response
>>body
>>2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Resorting to protocol
>>version default close connection policy
>>2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Should NOT close
>>connection, using HTTP/1.1.
>>2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Default charset used:
>>ISO-8859-1
>>-----------------
>>-----------------
>>Logon cookies:
>>- ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D
>>- LanguageID=1
>>- ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ
>>- SubsidiaryCode=CA
>>- ContactID=21970231
>>- GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D
>>- LanguageID=1
>>- LanguageDefaulted=True
>>- CustomerNumber=xxxxx
>>- TLTSID=D9D92A57456F0181E5053FAE47A58E05z0
>>- TLTHID=D9D92A57456F0181E5053FAE47A58E05
>>- TLTUID=D9D92A57456F0181E5053FAE47A58E05
>>Redirect target: Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz
>>2005/02/16 16:03:13:390 CST [DEBUG] HttpConnection -
>>-HttpConnection.setSoTimeout(0)
>>2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Execute loop try 1
>>2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "GET
>>Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
>>2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Adding Host request
>>header
>>2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "User-Agent: Jakarta
>>Commons-HttpClient/2.0.2[\r][\n]"
>>2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "Host:
>>www.marykay.ca[\r][\n]"
>>2005/02/16 16:03:13:405 CST [DEBUG] header - ->> "[\r][\n]"
>>2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "HTTP/1.1 400 Bad
>>Request[\r][\n]"
>>2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "Server:
>>Microsoft-IIS/5.0[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
>>22:03:13 GMT[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Connection: close[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Type:
>>text/html[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Length:
>>87[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTSID=8F72EB484561F88A535635A72C8A4536z0; Domain=.marykay.ca[\r];
>>path=/[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTHID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r];
>>path=/[\r][\n]"
>>2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
>>TLTUID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r]; path=/;
>>expires=Wed, 16-02-2015 22:03:14 GMT[\r][\n]"
>>2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
>>"TLTSID=8F72EB484561F88A535635A72C8A4536z0". Illegal path attribute "/".
>>Path of origin: "Canada/LoginRefresh.asp"
>>2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
>>"TLTHID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/". Path
>>of origin: "Canada/LoginRefresh.asp"
>>2005/02/16 16:03:13:546 CST [WARN] HttpMethodBase - -Cookie rejected:
>>"TLTUID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/". Path
>>of origin: "Canada/LoginRefresh.asp"
>>Redirect: HTTP/1.1 400 Bad Request
>>
>>-----Original Message-----
>>From: Oleg Kalnichevski [mailto:olegk@apache.org]
>>Sent: Wednesday, February 16, 2005 2:55 PM
>>To: HttpClient User Discussion
>>Subject: RE: Can someone please explain what these errors mean?
>>
>>Randy,
>>
>>Please post a wire/context log of the HTTP session to this list. I'll look
>>at it tomorrow
>>
>>http://jakarta.apache.org/commons/httpclient/logging.html
>>
>>Oleg
>>
>>On Wed, 2005-02-16 at 10:05 -0600, Randy Paries wrote:
>>
>>
>>>Hello
>>>
>>>Actually I do not have access to the backend, so I am unsure
>>>
>>>With my client I already do
>>>client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
>>>
>>>Thanks
>>>
>>>-----Original Message-----
>>>From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
>>>Sent: Tuesday, February 15, 2005 6:58 PM
>>>To: 'HttpClient User Discussion'
>>>Subject: RE: Can someone please explain what these errors mean?
>>>
>>>Well,
>>>
>>>I can say that the TLTSID looks like a cookie that gets injected into
>>>the HTTP headers by a product called Realitea from Tea Leaf
>>>Technologies. Does your company use that product?
>>>
>>>Sounds like you want to explicitly set your cookie policy to
>>>Compatibility and see if that helps.
>>>
>>>Good luck.
>>>
>>>Ken
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Randy Paries [mailto:randy.paries@unitnet.com]
>>>>Sent: Tuesday, February 15, 2005 4:23 PM
>>>>To: 'HttpClient User Discussion'
>>>>Subject: Can someone please explain what these errors mean?
>>>>
>>>>Hello,
>>>>
>>>>I am using httpClient to login into a site and then grab some data
>>>>from a report
>>>>
>>>>After I post the login info, I get a 302 and I redirect to that page.
>>>>
>>>>When I go to the redirected URL I get these error messages. Can
>>>>someone explain what they mean?
>>>>
>>>>Thanks
>>>>
>>>>Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
>>>>processResponseHeaders
>>>>WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
>>>>Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
>>>>Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
>>>>processResponseHeaders
>>>>WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
>>>>Illegal
>>>>path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
>>>>Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
>>>>processResponseHeaders
>>>>WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
>>>>Illegal
>>>>path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
>>>>
>>>>
>>>>
>>>>
>>>>--------------------------------------------------------------------
>>>>- To unsubscribe, e-mail:
>>>>httpclient-user-unsubscribe@jakarta.apache.org
>>>>For additional commands, e-mail:
>>>>httpclient-user-help@jakarta.apache.org
>>>>
>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail:
>>>httpclient-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail:
>>>httpclient-user-help@jakarta.apache.org
>>>
>>>
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>>
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
never mind. You came pretty close to convincing me :-)
cheers,
Roland
Oleg Kalnichevski <ol...@apache.org>
17.02.2005 14:27
Please respond to
"HttpClient User Discussion"
To
HttpClient User Discussion <ht...@jakarta.apache.org>
cc
Subject
Re: cookie paths (was: Can someone please explain what these errors mean?)
> the client to the server. Here, I fully agree with you. A cookie
> for /app1 is sent only to /app1/*. But I still say that the cookie
> can have been set by /app1/screens/login.jsp in the first place.
>
All right. You are right. I was wrong. I confused the algorithm of
rejecting cookies with that of matching cookies. Sorry. Ayatollahs err too
Oleg
> > I have no problem with being proven wrong. I can err as any mortal
> human.
>
> Since we cannot agree on a common interpretation of the RFC,
> I doubt either of us can prove the other wrong :-) Referring
> to the implementation, the last check in method validate(...)
> of CookieSpecBase does not match your interpretation, does it?
>
>
http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java?view=markup
>
> cheers,
> Roland
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Oleg Kalnichevski <ol...@apache.org>.
> the client to the server. Here, I fully agree with you. A cookie
> for /app1 is sent only to /app1/*. But I still say that the cookie
> can have been set by /app1/screens/login.jsp in the first place.
>
All right. You are right. I was wrong. I confused the algorithm of
rejecting cookies with that of matching cookies. Sorry. Ayatollahs err too
Oleg
> > I have no problem with being proven wrong. I can err as any mortal
> human.
>
> Since we cannot agree on a common interpretation of the RFC,
> I doubt either of us can prove the other wrong :-) Referring
> to the implementation, the last check in method validate(...)
> of CookieSpecBase does not match your interpretation, does it?
>
> http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java?view=markup
>
> cheers,
> Roland
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
> Think of session cookies. Most of browsers do not include the path
> attribute when sending cookies to the server. If the scheme you
> are suggesting were correct a servlet engine would not be able to
> distinguish session ids of individual web applications
That is correct. All web applications use the same session ID.
They keep different session objects in memory, so their data
remains separate. What ID is used does not really matter.
> Please do take a look at the Netscape draft:
>
> path=PATH
> The path attribute is used to specify the subset of URLs in a
> domain for which the cookie is valid. If a cookie has already
> passed domain matching, then the pathname component of the URL is
> compared with the path attribute, and if there is a match, the
> cookie is considered valid and is sent along with the URL request.
> The path "/foo" would match "/foobar" and "/foo/bar.html". The path
> "/" is the most general path.
>
> RFC 2109 meant to say pretty much the same
Yes, that's for selecting those cookies that get sent back from
the client to the server. Here, I fully agree with you. A cookie
for /app1 is sent only to /app1/*. But I still say that the cookie
can have been set by /app1/screens/login.jsp in the first place.
> I have no problem with being proven wrong. I can err as any mortal
human.
Since we cannot agree on a common interpretation of the RFC,
I doubt either of us can prove the other wrong :-) Referring
to the implementation, the last check in method validate(...)
of CookieSpecBase does not match your interpretation, does it?
http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java?view=markup
cheers,
Roland
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, Feb 17, 2005 at 01:12:47PM +0100, Roland Weber wrote:
> Hi Oleg,
>
> Amazon controls all their applications :-) Seriously, when
> you deploy web modules on a single host, you have to
> take care that these modules interact well. For co-hosting,
> you better use different host names.
Think of session cookies. Most of browsers do not include the path
attribute when sending cookies to the server. If the scheme you
are suggesting were correct a servlet engine would not be able to
distinguish session ids of individual web applications
> If you want to prevent the kind of cross-path-cooking
> attack you describe, that has to happen on the server.
> The browser/client will never be able to tell whether two
> paths belong to different applications or to different parts
> of the same application.
They can't and they are not supposed to. They just have to follow the
cookie spec. This is precisely the reason for disallowing cookie with a
more genetric path attribute, eg "/app1/stuff", originating from a URL
like "/app/stuff/morestuff/myapp.asp".
>
> Ok, one last example. You write a servlet and deploy it
> with servlet mapping /app1/*. That means all requests
> below /app1/ end up being served by that same servlet.
> Surely, you would expect the servlet to be able to set
> a cookie for /app1, even if the request URI is
> /app1/with/extra/information/and/some ?
No, I would not. I have been acting Evil Cookie Ayatollah for quite a
while already ;-)
Please do take a look at the Netscape draft:
path=PATH
The path attribute is used to specify the subset of URLs in a
domain for which the cookie is valid. If a cookie has already
passed domain matching, then the pathname component of the URL is
compared with the path attribute, and if there is a match, the
cookie is considered valid and is sent along with the URL request.
The path "/foo" would match "/foobar" and "/foo/bar.html". The path
"/" is the most general path.
RFC 2109 meant to say pretty much the same
>
> If that doesn't convince you, you've won this argument.
> (Which doesn't mean you're right ;-)
I have no problem with being proven wrong. I can err as any mortal human.
Cheers,
Oleg
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 12:04
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors mean?)
>
>
>
>
>
>
> Cmon, Roland
>
> You SERIOUSLY would not mind /evil-russian-mafia application sending
> session cookies to /goodie-goodie-american-co application co-hosted on
> the same server WITHOUT Goodie Goodie American Co consent? ;-)
>
> Think twice next time you place an order on Amazon.
>
>
> On Thu, Feb 17, 2005 at 11:50:07AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > you are allowed to disagree ;-)
> >
> > If /app1 and /app2 want to share a session, the session cookie
> > must be set with path "/" by either of them.
>
> What if one of them does not?
>
> If they don't want
> > to share a cookie, they set it with their own prefix /app1 or /app2.
> >
> > If cookies collide by name, RFC 2965 says (page 12, top) that
> > the one with the more specific path must come first in the
> > header. So the cookie "MYOMY" with path /app1 will be found
> > before the cookie "MYOMY" with path /. That helps to resolve
> > collissions between cookies with different paths.
> >
> > To pick up your interpretation, if /app1 was allowed to set a
> > cookie for /app1/whatever/, how is it supposed to receive that
> > cookie ever again?
>
> By specifying /app1 as a cookie path attribute. Please take a look at
> the original Netscape cookie draft. It is slightly more human readable
> than those RFC that take a PhD Stanford to interpret. See examples given
> in the draft
>
> http://wp.netscape.com/newsref/std/cookie_spec.html
>
> Oleg the Evil Cookie Ayatollah
>
> The prefix condition in my interpretation
> > makes sure that the one who sets a cookie will always be
> > allowed to get it back.
> >
> > cheers,
> > Roland
> >
> >
> >
> >
> >
> > Oleg Kalnichevski <ol...@apache.org>
> > 17.02.2005 11:28
> > Please respond to
> > "HttpClient User Discussion"
> >
> >
> > To
> > HttpClient User Discussion <ht...@jakarta.apache.org>
> > cc
> >
> > Subject
> > Re: cookie paths (was: Can someone please explain what these errors
> mean?)
> >
> >
> >
> >
> >
> >
> > Roland,
> > With all due respect allow me to disagree. I see it absolutely the other
> > way around.
> >
> > Since we talk examples, consider the following: you have two web apps
> > hosted by the same web server with different URL prefixes
> >
> > /app1
> > /app2
> >
> > I seriously doubt you'd want a cookie set by /app1 to be sent tp /app2
> >
> > Cheers,
> >
> > Oleg
> >
> >
> > On Thu, Feb 17, 2005 at 11:19:46AM +0100, Roland Weber wrote:
> > > Hi Oleg,
> > >
> > > then I was misinterpreting you. Let's put in some examples:
> > >
> > > > RFC 2109
> > > >
> > > > <quote>
> > > > 4.3.2 Rejecting Cookies
> > > >
> > > > To prevent possible security or privacy violations, a user agent
> > rejects
> > > > a cookie (shall not store its information) if any of the following
> is
> > > > true:
> > > >
> > > > * The value for the Path attribute is not a prefix of the
> request-URI.
> > > >
> > > > </quote>
> > >
> > > request-URI: /Canada/whatever.asp
> > > Path attribute: /
> > >
> > > The Path attribute "/" of the received cookie is a prefix of the
> > > request-URI
> > > "/Canada/whatever.asp" from where it is set, so the cookie will not be
>
> > > rejected.
> > >
> > > In other words, a servlet can set cookies with a path shorter than
> > > it's own, but not longer than or different from it's own.
> > >
> > > cheers,
> > > Roland
> > >
> > >
> > >
> > >
> > >
> > > Oleg Kalnichevski <ol...@apache.org>
> > > 17.02.2005 11:10
> > > Please respond to
> > > "HttpClient User Discussion"
> > >
> > >
> > > To
> > > HttpClient User Discussion <ht...@jakarta.apache.org>
> > > cc
> > >
> > > Subject
> > > Re: cookie paths (was: Can someone please explain what these errors
> > mean?)
> > >
> > >
> > >
> > >
> > >
> > >
> > > Roland,
> > >
> > > I still think the wording of the RFCs implies that "/Canada/"
> > > matches "/" but not the other way around. A cookie with a path
> attribute
> > > "/Canada" can be set at the URL "/", but not visa versa.
> > >
> > > Oleg
> > >
> > >
> > > On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> > > > Hi Oleg,
> > > >
> > > > speaking from a string perspective, "/" is a prefix of both,
> > > > "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> > > > string-matching for paths on top of page 2.
> > > >
> > > > cheers,
> > > > Roland
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Oleg Kalnichevski <ol...@apache.org>
> > > > 17.02.2005 10:31
> > > > Please respond to
> > > > "HttpClient User Discussion"
> > > >
> > > >
> > > > To
> > > > HttpClient User Discussion <ht...@jakarta.apache.org>
> > > > cc
> > > >
> > > > Subject
> > > > Re: cookie paths (was: Can someone please explain what these errors
> > > mean?)
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > RFC 2109
> > > >
> > > > <quote>
> > > > 4.3.2 Rejecting Cookies
> > > >
> > > > To prevent possible security or privacy violations, a user agent
> > rejects
> > > > a cookie (shall not store its information) if any of the following
> is
> > > > true:
> > > >
> > > > * The value for the Path attribute is not a prefix of the
> request-URI.
> > > >
> > > > </quote>
> > > >
> > > > Please correct me if I am wrong but the first point implies that a
> CGI
> > > > at the url "/Canada/whatever.asp" may only set cookies with path
> > > > starting with "/Canada/". Am I misreading the RFC?
> > > >
> > > > Evil Comrade Oleg (a.k.a cookie ayatollah)
> > > >
> > > >
> > > > On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > > > > Hi Oleg,
> > > > >
> > > > > > A cookie with "/" path attribute may not be
> > > > > > set from a URL other than "/".
> > > > >
> > > > > my understanding is that a cookie with path "/" may be set from
> any
> > > URL
> > > > > with
> > > > > path prefix "/". RFC 2109 mentions the prefix requirement in
> section
> >
> > > > 4.3.2
> > > > > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike
> with
> > > > domain
> > > > > names, there is no "reach" restriction that would prevent a
> servlet
> > at
> > > > > /where/ever/it/may/reside to set a cookie for / on that host,
> which
> > > > would
> > > > > be the same as setting a cookie without any path at all.
> > > > >
> > > > > cheers,
> > > > > Roland
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> httpclient-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
Amazon controls all their applications :-) Seriously, when
you deploy web modules on a single host, you have to
take care that these modules interact well. For co-hosting,
you better use different host names.
If you want to prevent the kind of cross-path-cooking
attack you describe, that has to happen on the server.
The browser/client will never be able to tell whether two
paths belong to different applications or to different parts
of the same application.
Ok, one last example. You write a servlet and deploy it
with servlet mapping /app1/*. That means all requests
below /app1/ end up being served by that same servlet.
Surely, you would expect the servlet to be able to set
a cookie for /app1, even if the request URI is
/app1/with/extra/information/and/some ?
If that doesn't convince you, you've won this argument.
(Which doesn't mean you're right ;-)
cheers,
Roland
Oleg Kalnichevski <ol...@apache.org>
17.02.2005 12:04
Please respond to
"HttpClient User Discussion"
To
HttpClient User Discussion <ht...@jakarta.apache.org>
cc
Subject
Re: cookie paths (was: Can someone please explain what these errors mean?)
Cmon, Roland
You SERIOUSLY would not mind /evil-russian-mafia application sending
session cookies to /goodie-goodie-american-co application co-hosted on
the same server WITHOUT Goodie Goodie American Co consent? ;-)
Think twice next time you place an order on Amazon.
On Thu, Feb 17, 2005 at 11:50:07AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> you are allowed to disagree ;-)
>
> If /app1 and /app2 want to share a session, the session cookie
> must be set with path "/" by either of them.
What if one of them does not?
If they don't want
> to share a cookie, they set it with their own prefix /app1 or /app2.
>
> If cookies collide by name, RFC 2965 says (page 12, top) that
> the one with the more specific path must come first in the
> header. So the cookie "MYOMY" with path /app1 will be found
> before the cookie "MYOMY" with path /. That helps to resolve
> collissions between cookies with different paths.
>
> To pick up your interpretation, if /app1 was allowed to set a
> cookie for /app1/whatever/, how is it supposed to receive that
> cookie ever again?
By specifying /app1 as a cookie path attribute. Please take a look at
the original Netscape cookie draft. It is slightly more human readable
than those RFC that take a PhD Stanford to interpret. See examples given
in the draft
http://wp.netscape.com/newsref/std/cookie_spec.html
Oleg the Evil Cookie Ayatollah
The prefix condition in my interpretation
> makes sure that the one who sets a cookie will always be
> allowed to get it back.
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 11:28
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors
mean?)
>
>
>
>
>
>
> Roland,
> With all due respect allow me to disagree. I see it absolutely the other
> way around.
>
> Since we talk examples, consider the following: you have two web apps
> hosted by the same web server with different URL prefixes
>
> /app1
> /app2
>
> I seriously doubt you'd want a cookie set by /app1 to be sent tp /app2
>
> Cheers,
>
> Oleg
>
>
> On Thu, Feb 17, 2005 at 11:19:46AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > then I was misinterpreting you. Let's put in some examples:
> >
> > > RFC 2109
> > >
> > > <quote>
> > > 4.3.2 Rejecting Cookies
> > >
> > > To prevent possible security or privacy violations, a user agent
> rejects
> > > a cookie (shall not store its information) if any of the following
is
> > > true:
> > >
> > > * The value for the Path attribute is not a prefix of the
request-URI.
> > >
> > > </quote>
> >
> > request-URI: /Canada/whatever.asp
> > Path attribute: /
> >
> > The Path attribute "/" of the received cookie is a prefix of the
> > request-URI
> > "/Canada/whatever.asp" from where it is set, so the cookie will not be
> > rejected.
> >
> > In other words, a servlet can set cookies with a path shorter than
> > it's own, but not longer than or different from it's own.
> >
> > cheers,
> > Roland
> >
> >
> >
> >
> >
> > Oleg Kalnichevski <ol...@apache.org>
> > 17.02.2005 11:10
> > Please respond to
> > "HttpClient User Discussion"
> >
> >
> > To
> > HttpClient User Discussion <ht...@jakarta.apache.org>
> > cc
> >
> > Subject
> > Re: cookie paths (was: Can someone please explain what these errors
> mean?)
> >
> >
> >
> >
> >
> >
> > Roland,
> >
> > I still think the wording of the RFCs implies that "/Canada/"
> > matches "/" but not the other way around. A cookie with a path
attribute
> > "/Canada" can be set at the URL "/", but not visa versa.
> >
> > Oleg
> >
> >
> > On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> > > Hi Oleg,
> > >
> > > speaking from a string perspective, "/" is a prefix of both,
> > > "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> > > string-matching for paths on top of page 2.
> > >
> > > cheers,
> > > Roland
> > >
> > >
> > >
> > >
> > >
> > > Oleg Kalnichevski <ol...@apache.org>
> > > 17.02.2005 10:31
> > > Please respond to
> > > "HttpClient User Discussion"
> > >
> > >
> > > To
> > > HttpClient User Discussion <ht...@jakarta.apache.org>
> > > cc
> > >
> > > Subject
> > > Re: cookie paths (was: Can someone please explain what these errors
> > mean?)
> > >
> > >
> > >
> > >
> > >
> > >
> > > RFC 2109
> > >
> > > <quote>
> > > 4.3.2 Rejecting Cookies
> > >
> > > To prevent possible security or privacy violations, a user agent
> rejects
> > > a cookie (shall not store its information) if any of the following
is
> > > true:
> > >
> > > * The value for the Path attribute is not a prefix of the
request-URI.
> > >
> > > </quote>
> > >
> > > Please correct me if I am wrong but the first point implies that a
CGI
> > > at the url "/Canada/whatever.asp" may only set cookies with path
> > > starting with "/Canada/". Am I misreading the RFC?
> > >
> > > Evil Comrade Oleg (a.k.a cookie ayatollah)
> > >
> > >
> > > On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > > > Hi Oleg,
> > > >
> > > > > A cookie with "/" path attribute may not be
> > > > > set from a URL other than "/".
> > > >
> > > > my understanding is that a cookie with path "/" may be set from
any
> > URL
> > > > with
> > > > path prefix "/". RFC 2109 mentions the prefix requirement in
section
>
> > > 4.3.2
> > > > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike
with
> > > domain
> > > > names, there is no "reach" restriction that would prevent a
servlet
> at
> > > > /where/ever/it/may/reside to set a cookie for / on that host,
which
> > > would
> > > > be the same as setting a cookie without any path at all.
> > > >
> > > > cheers,
> > > > Roland
> > >
> > >
---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
httpclient-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Oleg Kalnichevski <ol...@apache.org>.
Cmon, Roland
You SERIOUSLY would not mind /evil-russian-mafia application sending
session cookies to /goodie-goodie-american-co application co-hosted on
the same server WITHOUT Goodie Goodie American Co consent? ;-)
Think twice next time you place an order on Amazon.
On Thu, Feb 17, 2005 at 11:50:07AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> you are allowed to disagree ;-)
>
> If /app1 and /app2 want to share a session, the session cookie
> must be set with path "/" by either of them.
What if one of them does not?
If they don't want
> to share a cookie, they set it with their own prefix /app1 or /app2.
>
> If cookies collide by name, RFC 2965 says (page 12, top) that
> the one with the more specific path must come first in the
> header. So the cookie "MYOMY" with path /app1 will be found
> before the cookie "MYOMY" with path /. That helps to resolve
> collissions between cookies with different paths.
>
> To pick up your interpretation, if /app1 was allowed to set a
> cookie for /app1/whatever/, how is it supposed to receive that
> cookie ever again?
By specifying /app1 as a cookie path attribute. Please take a look at
the original Netscape cookie draft. It is slightly more human readable
than those RFC that take a PhD Stanford to interpret. See examples given
in the draft
http://wp.netscape.com/newsref/std/cookie_spec.html
Oleg the Evil Cookie Ayatollah
The prefix condition in my interpretation
> makes sure that the one who sets a cookie will always be
> allowed to get it back.
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 11:28
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors mean?)
>
>
>
>
>
>
> Roland,
> With all due respect allow me to disagree. I see it absolutely the other
> way around.
>
> Since we talk examples, consider the following: you have two web apps
> hosted by the same web server with different URL prefixes
>
> /app1
> /app2
>
> I seriously doubt you'd want a cookie set by /app1 to be sent tp /app2
>
> Cheers,
>
> Oleg
>
>
> On Thu, Feb 17, 2005 at 11:19:46AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > then I was misinterpreting you. Let's put in some examples:
> >
> > > RFC 2109
> > >
> > > <quote>
> > > 4.3.2 Rejecting Cookies
> > >
> > > To prevent possible security or privacy violations, a user agent
> rejects
> > > a cookie (shall not store its information) if any of the following is
> > > true:
> > >
> > > * The value for the Path attribute is not a prefix of the request-URI.
> > >
> > > </quote>
> >
> > request-URI: /Canada/whatever.asp
> > Path attribute: /
> >
> > The Path attribute "/" of the received cookie is a prefix of the
> > request-URI
> > "/Canada/whatever.asp" from where it is set, so the cookie will not be
> > rejected.
> >
> > In other words, a servlet can set cookies with a path shorter than
> > it's own, but not longer than or different from it's own.
> >
> > cheers,
> > Roland
> >
> >
> >
> >
> >
> > Oleg Kalnichevski <ol...@apache.org>
> > 17.02.2005 11:10
> > Please respond to
> > "HttpClient User Discussion"
> >
> >
> > To
> > HttpClient User Discussion <ht...@jakarta.apache.org>
> > cc
> >
> > Subject
> > Re: cookie paths (was: Can someone please explain what these errors
> mean?)
> >
> >
> >
> >
> >
> >
> > Roland,
> >
> > I still think the wording of the RFCs implies that "/Canada/"
> > matches "/" but not the other way around. A cookie with a path attribute
> > "/Canada" can be set at the URL "/", but not visa versa.
> >
> > Oleg
> >
> >
> > On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> > > Hi Oleg,
> > >
> > > speaking from a string perspective, "/" is a prefix of both,
> > > "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> > > string-matching for paths on top of page 2.
> > >
> > > cheers,
> > > Roland
> > >
> > >
> > >
> > >
> > >
> > > Oleg Kalnichevski <ol...@apache.org>
> > > 17.02.2005 10:31
> > > Please respond to
> > > "HttpClient User Discussion"
> > >
> > >
> > > To
> > > HttpClient User Discussion <ht...@jakarta.apache.org>
> > > cc
> > >
> > > Subject
> > > Re: cookie paths (was: Can someone please explain what these errors
> > mean?)
> > >
> > >
> > >
> > >
> > >
> > >
> > > RFC 2109
> > >
> > > <quote>
> > > 4.3.2 Rejecting Cookies
> > >
> > > To prevent possible security or privacy violations, a user agent
> rejects
> > > a cookie (shall not store its information) if any of the following is
> > > true:
> > >
> > > * The value for the Path attribute is not a prefix of the request-URI.
> > >
> > > </quote>
> > >
> > > Please correct me if I am wrong but the first point implies that a CGI
> > > at the url "/Canada/whatever.asp" may only set cookies with path
> > > starting with "/Canada/". Am I misreading the RFC?
> > >
> > > Evil Comrade Oleg (a.k.a cookie ayatollah)
> > >
> > >
> > > On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > > > Hi Oleg,
> > > >
> > > > > A cookie with "/" path attribute may not be
> > > > > set from a URL other than "/".
> > > >
> > > > my understanding is that a cookie with path "/" may be set from any
> > URL
> > > > with
> > > > path prefix "/". RFC 2109 mentions the prefix requirement in section
>
> > > 4.3.2
> > > > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with
> > > domain
> > > > names, there is no "reach" restriction that would prevent a servlet
> at
> > > > /where/ever/it/may/reside to set a cookie for / on that host, which
> > > would
> > > > be the same as setting a cookie without any path at all.
> > > >
> > > > cheers,
> > > > Roland
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
you are allowed to disagree ;-)
If /app1 and /app2 want to share a session, the session cookie
must be set with path "/" by either of them. If they don't want
to share a cookie, they set it with their own prefix /app1 or /app2.
If cookies collide by name, RFC 2965 says (page 12, top) that
the one with the more specific path must come first in the
header. So the cookie "MYOMY" with path /app1 will be found
before the cookie "MYOMY" with path /. That helps to resolve
collissions between cookies with different paths.
To pick up your interpretation, if /app1 was allowed to set a
cookie for /app1/whatever/, how is it supposed to receive that
cookie ever again? The prefix condition in my interpretation
makes sure that the one who sets a cookie will always be
allowed to get it back.
cheers,
Roland
Oleg Kalnichevski <ol...@apache.org>
17.02.2005 11:28
Please respond to
"HttpClient User Discussion"
To
HttpClient User Discussion <ht...@jakarta.apache.org>
cc
Subject
Re: cookie paths (was: Can someone please explain what these errors mean?)
Roland,
With all due respect allow me to disagree. I see it absolutely the other
way around.
Since we talk examples, consider the following: you have two web apps
hosted by the same web server with different URL prefixes
/app1
/app2
I seriously doubt you'd want a cookie set by /app1 to be sent tp /app2
Cheers,
Oleg
On Thu, Feb 17, 2005 at 11:19:46AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> then I was misinterpreting you. Let's put in some examples:
>
> > RFC 2109
> >
> > <quote>
> > 4.3.2 Rejecting Cookies
> >
> > To prevent possible security or privacy violations, a user agent
rejects
> > a cookie (shall not store its information) if any of the following is
> > true:
> >
> > * The value for the Path attribute is not a prefix of the request-URI.
> >
> > </quote>
>
> request-URI: /Canada/whatever.asp
> Path attribute: /
>
> The Path attribute "/" of the received cookie is a prefix of the
> request-URI
> "/Canada/whatever.asp" from where it is set, so the cookie will not be
> rejected.
>
> In other words, a servlet can set cookies with a path shorter than
> it's own, but not longer than or different from it's own.
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 11:10
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors
mean?)
>
>
>
>
>
>
> Roland,
>
> I still think the wording of the RFCs implies that "/Canada/"
> matches "/" but not the other way around. A cookie with a path attribute
> "/Canada" can be set at the URL "/", but not visa versa.
>
> Oleg
>
>
> On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > speaking from a string perspective, "/" is a prefix of both,
> > "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> > string-matching for paths on top of page 2.
> >
> > cheers,
> > Roland
> >
> >
> >
> >
> >
> > Oleg Kalnichevski <ol...@apache.org>
> > 17.02.2005 10:31
> > Please respond to
> > "HttpClient User Discussion"
> >
> >
> > To
> > HttpClient User Discussion <ht...@jakarta.apache.org>
> > cc
> >
> > Subject
> > Re: cookie paths (was: Can someone please explain what these errors
> mean?)
> >
> >
> >
> >
> >
> >
> > RFC 2109
> >
> > <quote>
> > 4.3.2 Rejecting Cookies
> >
> > To prevent possible security or privacy violations, a user agent
rejects
> > a cookie (shall not store its information) if any of the following is
> > true:
> >
> > * The value for the Path attribute is not a prefix of the request-URI.
> >
> > </quote>
> >
> > Please correct me if I am wrong but the first point implies that a CGI
> > at the url "/Canada/whatever.asp" may only set cookies with path
> > starting with "/Canada/". Am I misreading the RFC?
> >
> > Evil Comrade Oleg (a.k.a cookie ayatollah)
> >
> >
> > On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > > Hi Oleg,
> > >
> > > > A cookie with "/" path attribute may not be
> > > > set from a URL other than "/".
> > >
> > > my understanding is that a cookie with path "/" may be set from any
> URL
> > > with
> > > path prefix "/". RFC 2109 mentions the prefix requirement in section
> > 4.3.2
> > > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with
> > domain
> > > names, there is no "reach" restriction that would prevent a servlet
at
> > > /where/ever/it/may/reside to set a cookie for / on that host, which
> > would
> > > be the same as setting a cookie without any path at all.
> > >
> > > cheers,
> > > Roland
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
httpclient-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Oleg Kalnichevski <ol...@apache.org>.
Roland,
With all due respect allow me to disagree. I see it absolutely the other
way around.
Since we talk examples, consider the following: you have two web apps
hosted by the same web server with different URL prefixes
/app1
/app2
I seriously doubt you'd want a cookie set by /app1 to be sent tp /app2
Cheers,
Oleg
On Thu, Feb 17, 2005 at 11:19:46AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> then I was misinterpreting you. Let's put in some examples:
>
> > RFC 2109
> >
> > <quote>
> > 4.3.2 Rejecting Cookies
> >
> > To prevent possible security or privacy violations, a user agent rejects
> > a cookie (shall not store its information) if any of the following is
> > true:
> >
> > * The value for the Path attribute is not a prefix of the request-URI.
> >
> > </quote>
>
> request-URI: /Canada/whatever.asp
> Path attribute: /
>
> The Path attribute "/" of the received cookie is a prefix of the
> request-URI
> "/Canada/whatever.asp" from where it is set, so the cookie will not be
> rejected.
>
> In other words, a servlet can set cookies with a path shorter than
> it's own, but not longer than or different from it's own.
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 11:10
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors mean?)
>
>
>
>
>
>
> Roland,
>
> I still think the wording of the RFCs implies that "/Canada/"
> matches "/" but not the other way around. A cookie with a path attribute
> "/Canada" can be set at the URL "/", but not visa versa.
>
> Oleg
>
>
> On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > speaking from a string perspective, "/" is a prefix of both,
> > "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> > string-matching for paths on top of page 2.
> >
> > cheers,
> > Roland
> >
> >
> >
> >
> >
> > Oleg Kalnichevski <ol...@apache.org>
> > 17.02.2005 10:31
> > Please respond to
> > "HttpClient User Discussion"
> >
> >
> > To
> > HttpClient User Discussion <ht...@jakarta.apache.org>
> > cc
> >
> > Subject
> > Re: cookie paths (was: Can someone please explain what these errors
> mean?)
> >
> >
> >
> >
> >
> >
> > RFC 2109
> >
> > <quote>
> > 4.3.2 Rejecting Cookies
> >
> > To prevent possible security or privacy violations, a user agent rejects
> > a cookie (shall not store its information) if any of the following is
> > true:
> >
> > * The value for the Path attribute is not a prefix of the request-URI.
> >
> > </quote>
> >
> > Please correct me if I am wrong but the first point implies that a CGI
> > at the url "/Canada/whatever.asp" may only set cookies with path
> > starting with "/Canada/". Am I misreading the RFC?
> >
> > Evil Comrade Oleg (a.k.a cookie ayatollah)
> >
> >
> > On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > > Hi Oleg,
> > >
> > > > A cookie with "/" path attribute may not be
> > > > set from a URL other than "/".
> > >
> > > my understanding is that a cookie with path "/" may be set from any
> URL
> > > with
> > > path prefix "/". RFC 2109 mentions the prefix requirement in section
> > 4.3.2
> > > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with
> > domain
> > > names, there is no "reach" restriction that would prevent a servlet at
> > > /where/ever/it/may/reside to set a cookie for / on that host, which
> > would
> > > be the same as setting a cookie without any path at all.
> > >
> > > cheers,
> > > Roland
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
then I was misinterpreting you. Let's put in some examples:
> RFC 2109
>
> <quote>
> 4.3.2 Rejecting Cookies
>
> To prevent possible security or privacy violations, a user agent rejects
> a cookie (shall not store its information) if any of the following is
> true:
>
> * The value for the Path attribute is not a prefix of the request-URI.
>
> </quote>
request-URI: /Canada/whatever.asp
Path attribute: /
The Path attribute "/" of the received cookie is a prefix of the
request-URI
"/Canada/whatever.asp" from where it is set, so the cookie will not be
rejected.
In other words, a servlet can set cookies with a path shorter than
it's own, but not longer than or different from it's own.
cheers,
Roland
Oleg Kalnichevski <ol...@apache.org>
17.02.2005 11:10
Please respond to
"HttpClient User Discussion"
To
HttpClient User Discussion <ht...@jakarta.apache.org>
cc
Subject
Re: cookie paths (was: Can someone please explain what these errors mean?)
Roland,
I still think the wording of the RFCs implies that "/Canada/"
matches "/" but not the other way around. A cookie with a path attribute
"/Canada" can be set at the URL "/", but not visa versa.
Oleg
On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> speaking from a string perspective, "/" is a prefix of both,
> "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> string-matching for paths on top of page 2.
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 10:31
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors
mean?)
>
>
>
>
>
>
> RFC 2109
>
> <quote>
> 4.3.2 Rejecting Cookies
>
> To prevent possible security or privacy violations, a user agent rejects
> a cookie (shall not store its information) if any of the following is
> true:
>
> * The value for the Path attribute is not a prefix of the request-URI.
>
> </quote>
>
> Please correct me if I am wrong but the first point implies that a CGI
> at the url "/Canada/whatever.asp" may only set cookies with path
> starting with "/Canada/". Am I misreading the RFC?
>
> Evil Comrade Oleg (a.k.a cookie ayatollah)
>
>
> On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > > A cookie with "/" path attribute may not be
> > > set from a URL other than "/".
> >
> > my understanding is that a cookie with path "/" may be set from any
URL
> > with
> > path prefix "/". RFC 2109 mentions the prefix requirement in section
> 4.3.2
> > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with
> domain
> > names, there is no "reach" restriction that would prevent a servlet at
> > /where/ever/it/may/reside to set a cookie for / on that host, which
> would
> > be the same as setting a cookie without any path at all.
> >
> > cheers,
> > Roland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Oleg Kalnichevski <ol...@apache.org>.
Roland,
I still think the wording of the RFCs implies that "/Canada/"
matches "/" but not the other way around. A cookie with a path attribute
"/Canada" can be set at the URL "/", but not visa versa.
Oleg
On Thu, Feb 17, 2005 at 10:43:51AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> speaking from a string perspective, "/" is a prefix of both,
> "/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
> string-matching for paths on top of page 2.
>
> cheers,
> Roland
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 10:31
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> Re: cookie paths (was: Can someone please explain what these errors mean?)
>
>
>
>
>
>
> RFC 2109
>
> <quote>
> 4.3.2 Rejecting Cookies
>
> To prevent possible security or privacy violations, a user agent rejects
> a cookie (shall not store its information) if any of the following is
> true:
>
> * The value for the Path attribute is not a prefix of the request-URI.
>
> </quote>
>
> Please correct me if I am wrong but the first point implies that a CGI
> at the url "/Canada/whatever.asp" may only set cookies with path
> starting with "/Canada/". Am I misreading the RFC?
>
> Evil Comrade Oleg (a.k.a cookie ayatollah)
>
>
> On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> > Hi Oleg,
> >
> > > A cookie with "/" path attribute may not be
> > > set from a URL other than "/".
> >
> > my understanding is that a cookie with path "/" may be set from any URL
> > with
> > path prefix "/". RFC 2109 mentions the prefix requirement in section
> 4.3.2
> > on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with
> domain
> > names, there is no "reach" restriction that would prevent a servlet at
> > /where/ever/it/may/reside to set a cookie for / on that host, which
> would
> > be the same as setting a cookie without any path at all.
> >
> > cheers,
> > Roland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
speaking from a string perspective, "/" is a prefix of both,
"/Canada" and "/Canada/whatever.asp". RFC 2965 mentions
string-matching for paths on top of page 2.
cheers,
Roland
Oleg Kalnichevski <ol...@apache.org>
17.02.2005 10:31
Please respond to
"HttpClient User Discussion"
To
HttpClient User Discussion <ht...@jakarta.apache.org>
cc
Subject
Re: cookie paths (was: Can someone please explain what these errors mean?)
RFC 2109
<quote>
4.3.2 Rejecting Cookies
To prevent possible security or privacy violations, a user agent rejects
a cookie (shall not store its information) if any of the following is
true:
* The value for the Path attribute is not a prefix of the request-URI.
</quote>
Please correct me if I am wrong but the first point implies that a CGI
at the url "/Canada/whatever.asp" may only set cookies with path
starting with "/Canada/". Am I misreading the RFC?
Evil Comrade Oleg (a.k.a cookie ayatollah)
On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> > A cookie with "/" path attribute may not be
> > set from a URL other than "/".
>
> my understanding is that a cookie with path "/" may be set from any URL
> with
> path prefix "/". RFC 2109 mentions the prefix requirement in section
4.3.2
> on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with
domain
> names, there is no "reach" restriction that would prevent a servlet at
> /where/ever/it/may/reside to set a cookie for / on that host, which
would
> be the same as setting a cookie without any path at all.
>
> cheers,
> Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Oleg Kalnichevski <ol...@apache.org>.
RFC 2109
<quote>
4.3.2 Rejecting Cookies
To prevent possible security or privacy violations, a user agent rejects
a cookie (shall not store its information) if any of the following is
true:
* The value for the Path attribute is not a prefix of the request-URI.
</quote>
Please correct me if I am wrong but the first point implies that a CGI
at the url "/Canada/whatever.asp" may only set cookies with path
starting with "/Canada/". Am I misreading the RFC?
Evil Comrade Oleg (a.k.a cookie ayatollah)
On Thu, Feb 17, 2005 at 10:17:47AM +0100, Roland Weber wrote:
> Hi Oleg,
>
> > A cookie with "/" path attribute may not be
> > set from a URL other than "/".
>
> my understanding is that a cookie with path "/" may be set from any URL
> with
> path prefix "/". RFC 2109 mentions the prefix requirement in section 4.3.2
> on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with domain
> names, there is no "reach" restriction that would prevent a servlet at
> /where/ever/it/may/reside to set a cookie for / on that host, which would
> be the same as setting a cookie without any path at all.
>
> cheers,
> Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: cookie paths (was: Can someone please explain what these errors mean?)
Posted by Roland Weber <RO...@de.ibm.com>.
Hi Oleg,
> A cookie with "/" path attribute may not be
> set from a URL other than "/".
my understanding is that a cookie with path "/" may be set from any URL
with
path prefix "/". RFC 2109 mentions the prefix requirement in section 4.3.2
on page 6. So does RFC 2965 in section 3.3.2 on page 8. Unlike with domain
names, there is no "reach" restriction that would prevent a servlet at
/where/ever/it/may/reside to set a cookie for / on that host, which would
be the same as setting a cookie without any path at all.
cheers,
Roland
Re: Can someone please explain what these errors mean?
Posted by Oleg Kalnichevski <ol...@apache.org>.
Fixing the relative URL would be the right thing to do. This will not fix
the cookie problem, though. A cookie with "/" path attribute may not be
set from a URL other than "/".
Oleg
On Thu, Feb 17, 2005 at 07:55:06AM +0100, Roland Weber wrote:
> Hello Randy, Oleg,
>
> as far as I can see, the problem is actually not the cookie.
> A path of "/" should always be valid, referring to all paths
> on the respective server. The problem arises as a side
> effect from the redirect location "Canada/LoginRefresh.asp".
> By spec, redirect locations have to be absolute URLs.
> This location is not even a server-relative URL with
> absolute path, but a plain relative URL.
> Most browsers will resolve relative redirect locations
> before executing the redirect. This is not the case here.
> As a result, HttpClient will check the validity of the cookie
> path against a relative instead of an absolute URL path.
>
> Randy, the log says that automatic redirects are disabled.
> When your application handles the redirect, try to put a
> "/" in front of the relative URL. Or generate an absolute
> URL based on the original target URL. That should put
> HttpClient back on track.
>
> hope that helps,
> Roland
>
>
>
>
>
>
> Oleg Kalnichevski <ol...@apache.org>
> 17.02.2005 00:00
> Please respond to
> "HttpClient User Discussion"
>
>
> To
> HttpClient User Discussion <ht...@jakarta.apache.org>
> cc
>
> Subject
> RE: Can someone please explain what these errors mean?
>
>
>
>
>
>
> Randy
>
> The path attribute of the cookie in question violates all imaginable
> cookie specs.
>
> Set-Cookie: TLTHID=8F72EB484561F88A535635A72C8A4536;
> Domain=.marykay.ca;path=/
>
> The cookie set from "Canada/LoginRefresh.asp" must have its path
> starting with "Canada/". Does this cookie gets accepted by IE or Mozilla
> Firefox?
>
> Consider upgrading to HttpClient 3.0 as it supports pluggable custom
> cookie specs. You can subclass the browser compatibility spec and make
> it accept cookies with any path attribute.
>
> http://jakarta.apache.org/commons/httpclient/3.0/cookies.html
> http://jakarta.apache.org/commons/httpclient/3.0/preference-api.html
>
> Oleg
>
>
> On Wed, 2005-02-16 at 16:09 -0600, Randy Paries wrote:
> > Thanks for you help
> >
> > I hope this helps
> >
> >
> > 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java version: 1.4.2_04
> > 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java vendor: Sun
> > Microsystems Inc.
> > 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java class path:
> >
> C:\j2sdk1.4.2_04\jre\lib\charsets.jar;C:\j2sdk1.4.2_04\jre\lib\jce.jar;C:\j2
> >
> sdk1.4.2_04\jre\lib\jsse.jar;C:\j2sdk1.4.2_04\jre\lib\plugin.jar;C:\j2sdk1.4
> >
> .2_04\jre\lib\rt.jar;C:\j2sdk1.4.2_04\jre\lib\sunrsasign.jar;C:\j2sdk1.4.2_0
> >
> 4\jre\lib\ext\dnsns.jar;C:\j2sdk1.4.2_04\jre\lib\ext\ldapsec.jar;C:\j2sdk1.4
> >
> .2_04\jre\lib\ext\localedata.jar;C:\j2sdk1.4.2_04\jre\lib\ext\sunjce_provide
> > r.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\classes;C:\Program
> > Files\Apache Software Foundation\Tomcat 5.0\bin\bootstrap.jar;C:\Program
> > Files\Apache Software Foundation\Tomcat
> > 5.0\common\lib\commons-collections.jar;C:\Program Files\Apache Software
> > Foundation\Tomcat 5.0\common\lib\naming-factory.jar;C:\Program
> Files\Apache
> > Software Foundation\Tomcat 5.0\common\lib\jsp-api.jar;C:\Program
> > Files\Apache Software Foundation\Tomcat
> > 5.0\common\lib\servlet-api.jar;C:\Program Files\Apache Software
> > Foundation\Tomcat 5.0\common\lib\ant.jar;C:\Program Files\Apache
> Software
> > Foundation\Tomcat 5.0\common\lib\jasper-compiler.jar;C:\Program
> Files\Apache
> > Software Foundation\Tomcat
> 5.0\common\lib\naming-resources.jar;C:\Program
> > Files\Apache Software Foundation\Tomcat
> > 5.0\common\lib\naming-common.jar;C:\Program Files\Apache Software
> > Foundation\Tomcat 5.0\common\lib\commons-dbcp-1.1.jar;C:\Program
> > Files\Apache Software Foundation\Tomcat
> > 5.0\common\lib\commons-pool-1.1.jar;C:\Program Files\Apache Software
> > Foundation\Tomcat 5.0\common\lib\naming-java.jar;C:\Program Files\Apache
> > Software Foundation\Tomcat 5.0\common\lib\jasper-runtime.jar;C:\Program
> > Files\Apache Software Foundation\Tomcat
> >
> 5.0\common\lib\commons-el.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\a
> >
> ctivation.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\pop3.jar;C:\UnitN
> >
> et\UnitNetServlet\webapp\WEB-INF\lib\mail.jar;C:\UnitNet\UnitNetServlet\weba
> >
> pp\WEB-INF\lib\ActivSpell2.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\
> >
> imap.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\mailapi.jar;C:\UnitNet
> >
> \UnitNetServlet\webapp\WEB-INF\lib\jspellcheck.jar;C:\UnitNet\UnitNetServlet
> >
> \webapp\WEB-INF\lib\activspell.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\
> >
> lib\jspsmartupload.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\smtp.jar
> >
> ;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\activscan.jar;C:\UnitNet\UnitN
> >
> etServlet\webapp\WEB-INF\lib\mysql-connector-java-3.0.14-production-bin.jar;
> >
> C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\acme.jar;C:\UnitNet\UnitNetServ
> >
> let\src\libcurl\eclipse\plugins\org.curl_1.0.0\libcurl.jar;C:\UnitNet\UnitNe
> >
> tServlet\htmlparser1_5\lib\htmlparser.jar;C:\UnitNet\UnitNetServlet\commons-
> >
> httpclient-2.0.2\commons-httpclient-2.0.2.jar;C:\IntelliJ-IDEA-4.0.3\lib\ide
> > a_rt.jar
> > 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system name:
> > Windows XP
> > 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
> > architecture: x86
> > 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
> version:
> > 5.1
> > 2005/02/16 16:02:36:983 CST [DEBUG] HttpClient - -SUN 1.42: SUN (DSA
> > key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
> > X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
> > CertPathBuilder; LDAP, Collection CertStores)
> > 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE
> > provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories,
> > SSLv3, TLSv1)
> > 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's
> > provider for RSA signatures
> > 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJCE 1.42: SunJCE
> > Provider (implements DES, Triple DES, AES, Blowfish, PBE,
> Diffie-Hellman,
> > HMAC-MD5, HMAC-SHA1)
> > 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJGSS 1.0: Sun
> (Kerberos
> > v5)
> > 2005/02/16 16:02:43:593 CST [DEBUG] HttpConnection -
> > -HttpConnection.setSoTimeout(0)
> > 2005/02/16 16:02:43:593 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> > 2005/02/16 16:02:43:593 CST [DEBUG] header - ->> "GET
> >
> /Login.asp?PageID=1447&Directory=mkbiz/Canada/LoginRefresh.asp?PageID=1447&D
> > irectory=mkbiz HTTP/1.1[\r][\n]"
> > 2005/02/16 16:02:43:608 CST [DEBUG] HttpMethodBase - -Adding Host
> request
> > header
> > 2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "User-Agent:
> Mozilla/4.0
> > (compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
> > 2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "Host:
> > www.marykay.ca[\r][\n]"
> > 2005/02/16 16:02:44:062 CST [DEBUG] header - ->> "[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "HTTP/1.1 200
> OK[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Server:
> > Microsoft-IIS/5.0[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> > 22:02:44 GMT[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "X-Powered-By:
> > ASP.NET[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Pragma:
> No-Cache[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Length:
> > 5099[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Type:
> > text/html[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb
> 2005
> > 22:02:44 GMT[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> > ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D;
> expires=Fri,
> > 18-Mar-2005 22:02:44 GMT; path=/[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: GUID=;
> > path=/[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> LanguageID=1;
> > path=/[\r][\n]"
> > 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> > LanguageDefaulted=True; path=/[\r][\n]"
> > 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> > ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ; path=/[\r][\n]"
> > 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Cache-control:
> > private[\r][\n]"
> > 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0; Domain=.marykay.ca[\r];
> > path=/[\r][\n]"
> > 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTHID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r];
> > path=/[\r][\n]"
> > 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTUID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r]; path=/;
> > expires=Wed, 16-02-2015 22:02:44 GMT[\r][\n]"
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D"
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "GUID="
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "LanguageID=1"
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "LanguageDefaulted=True"
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ"
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0"
> > 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "TLTHID=6BC2644642F5132C7BE4178ECB8F15EA"
> > 2005/02/16 16:02:44:437 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "TLTUID=6BC2644642F5132C7BE4178ECB8F15EA"
> > 2005/02/16 16:02:46:530 CST [DEBUG] HttpMethodBase - -Buffering response
> > body
> > 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Resorting to
> protocol
> > version default close connection policy
> > 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Should NOT close
> > connection, using HTTP/1.1.
> > 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Default charset
> used:
> > ISO-8859-1
> > -----------------
> > -----------------
> > 2005/02/16 16:02:53:890 CST [DEBUG] HttpConnection -
> > -HttpConnection.setSoTimeout(0)
> > 2005/02/16 16:02:53:890 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> > 2005/02/16 16:02:53:890 CST [DEBUG] header - ->> "POST
> > /Login.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
> > 2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Adding Host
> request
> > header
> > 2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Default charset
> used:
> > ISO-8859-1
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "User-Agent:
> Mozilla/4.0
> > (compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Host:
> > www.marykay.ca[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> > ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie: GUID=[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> > LanguageID=1[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> > LanguageDefaulted=True[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> > ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ[\r][\n]"
> > 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> > TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0[\r][\n]"
> > 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
> > TLTHID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
> > 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
> > TLTUID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
> > 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Length:
> > 98[\r][\n]"
> > 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Type:
> > application/x-www-form-urlencoded[\r][\n]"
> > 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "[\r][\n]"
> > 2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Using
> buffered
> > request body
> > 2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Request
> body
> > sent
> > 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "HTTP/1.1 100
> > Continue[\r][\n]"
> > 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Server:
> > Microsoft-IIS/5.0[\r][\n]"
> > 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> > 22:02:54 GMT[\r][\n]"
> > 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "X-Powered-By:
> > ASP.NET[\r][\n]"
> > 2005/02/16 16:02:54:030 CST [INFO] HttpMethodBase - -Discarding
> unexpected
> > response: HTTP/1.1 100 Continue
> > 2005/02/16 16:02:55:483 CST [DEBUG] header - -<< "HTTP/1.1 302 Object
> > moved[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Server:
> > Microsoft-IIS/5.0[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> > 22:02:54 GMT[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "X-Powered-By:
> > ASP.NET[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma:
> No-Cache[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma:
> No-Cache[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Location:
> > Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Length:
> > 121[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Type:
> > text/html[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb
> 2005
> > 05:22:54 GMT[\r][\n]"
> > 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Set-Cookie:
> > SubsidiaryCode=CA; path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > ContactID=21970231; path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D; path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> LanguageID=1;
> > domain=.marykay.ca; path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > LanguageDefaulted=True; path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > CustomerNumber=xxxxx; domain=.marykay.ca; path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Cache-control:
> > private[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTSID=D9D92A57456F0181E5053FAE47A58E05z0; Domain=.marykay.ca[\r];
> > path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTHID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r];
> > path=/[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTUID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r]; path=/;
> > expires=Wed, 16-02-2015 22:02:54 GMT[\r][\n]"
> > 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "SubsidiaryCode=CA"
> > 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "ContactID=21970231"
> > 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D"
> > 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "LanguageID=1"
> > 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "LanguageDefaulted=True"
> > 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "CustomerNumber=xxxxx"
> > 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "TLTSID=D9D92A57456F0181E5053FAE47A58E05z0"
> > 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "TLTHID=D9D92A57456F0181E5053FAE47A58E05"
> > 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> > "TLTUID=D9D92A57456F0181E5053FAE47A58E05"
> > 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Redirect required
> > 2005/02/16 16:02:55:530 CST [INFO] HttpMethodBase - -Redirect requested
> but
> > followRedirects is disabled
> > Login form post: HTTP/1.1 302 Object moved
> > 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Buffering response
> > body
> > 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Resorting to
> protocol
> > version default close connection policy
> > 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Should NOT close
> > connection, using HTTP/1.1.
> > 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Default charset
> used:
> > ISO-8859-1
> > -----------------
> > -----------------
> > Logon cookies:
> > - ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D
> > - LanguageID=1
> > - ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ
> > - SubsidiaryCode=CA
> > - ContactID=21970231
> > - GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D
> > - LanguageID=1
> > - LanguageDefaulted=True
> > - CustomerNumber=xxxxx
> > - TLTSID=D9D92A57456F0181E5053FAE47A58E05z0
> > - TLTHID=D9D92A57456F0181E5053FAE47A58E05
> > - TLTUID=D9D92A57456F0181E5053FAE47A58E05
> > Redirect target: Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz
> > 2005/02/16 16:03:13:390 CST [DEBUG] HttpConnection -
> > -HttpConnection.setSoTimeout(0)
> > 2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> > 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "GET
> > Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
> > 2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Adding Host
> request
> > header
> > 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "User-Agent: Jakarta
> > Commons-HttpClient/2.0.2[\r][\n]"
> > 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "Host:
> > www.marykay.ca[\r][\n]"
> > 2005/02/16 16:03:13:405 CST [DEBUG] header - ->> "[\r][\n]"
> > 2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "HTTP/1.1 400 Bad
> > Request[\r][\n]"
> > 2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "Server:
> > Microsoft-IIS/5.0[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> > 22:03:13 GMT[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Connection:
> close[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Type:
> > text/html[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Length:
> > 87[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTSID=8F72EB484561F88A535635A72C8A4536z0; Domain=.marykay.ca[\r];
> > path=/[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTHID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r];
> > path=/[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> > TLTUID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r]; path=/;
> > expires=Wed, 16-02-2015 22:03:14 GMT[\r][\n]"
> > 2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
> > "TLTSID=8F72EB484561F88A535635A72C8A4536z0". Illegal path attribute "/".
> > Path of origin: "Canada/LoginRefresh.asp"
> > 2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
> > "TLTHID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/".
> Path
> > of origin: "Canada/LoginRefresh.asp"
> > 2005/02/16 16:03:13:546 CST [WARN] HttpMethodBase - -Cookie rejected:
> > "TLTUID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/".
> Path
> > of origin: "Canada/LoginRefresh.asp"
> > Redirect: HTTP/1.1 400 Bad Request
> >
> > -----Original Message-----
> > From: Oleg Kalnichevski [mailto:olegk@apache.org]
> > Sent: Wednesday, February 16, 2005 2:55 PM
> > To: HttpClient User Discussion
> > Subject: RE: Can someone please explain what these errors mean?
> >
> > Randy,
> >
> > Please post a wire/context log of the HTTP session to this list. I'll
> look
> > at it tomorrow
> >
> > http://jakarta.apache.org/commons/httpclient/logging.html
> >
> > Oleg
> >
> > On Wed, 2005-02-16 at 10:05 -0600, Randy Paries wrote:
> > > Hello
> > >
> > > Actually I do not have access to the backend, so I am unsure
> > >
> > > With my client I already do
> > > client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
> > >
> > > Thanks
> > >
> > > -----Original Message-----
> > > From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
> > > Sent: Tuesday, February 15, 2005 6:58 PM
> > > To: 'HttpClient User Discussion'
> > > Subject: RE: Can someone please explain what these errors mean?
> > >
> > > Well,
> > >
> > > I can say that the TLTSID looks like a cookie that gets injected into
> > > the HTTP headers by a product called Realitea from Tea Leaf
> > > Technologies. Does your company use that product?
> > >
> > > Sounds like you want to explicitly set your cookie policy to
> > > Compatibility and see if that helps.
> > >
> > > Good luck.
> > >
> > > Ken
> > >
> > > > -----Original Message-----
> > > > From: Randy Paries [mailto:randy.paries@unitnet.com]
> > > > Sent: Tuesday, February 15, 2005 4:23 PM
> > > > To: 'HttpClient User Discussion'
> > > > Subject: Can someone please explain what these errors mean?
> > > >
> > > > Hello,
> > > >
> > > > I am using httpClient to login into a site and then grab some data
> > > > from a report
> > > >
> > > > After I post the login info, I get a 302 and I redirect to that
> page.
> > > >
> > > > When I go to the redirected URL I get these error messages. Can
> > > > someone explain what they mean?
> > > >
> > > > Thanks
> > > >
> > > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > > processResponseHeaders
> > > > WARNING: Cookie rejected:
> "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> > > > Illegal path attribute "/". Path of origin:
> "Canada/LoginRefresh.asp"
> > > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > > processResponseHeaders
> > > > WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> > > > Illegal
> > > > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > > processResponseHeaders
> > > > WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> > > > Illegal
> > > > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > > >
> > > >
> > > >
> > > >
> > > > --------------------------------------------------------------------
> > > > - To unsubscribe, e-mail:
> > > > httpclient-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> > > > httpclient-user-help@jakarta.apache.org
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > > httpclient-user-help@jakarta.apache.org
> > >
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > > httpclient-user-help@jakarta.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Roland Weber <RO...@de.ibm.com>.
Hello Randy, Oleg,
as far as I can see, the problem is actually not the cookie.
A path of "/" should always be valid, referring to all paths
on the respective server. The problem arises as a side
effect from the redirect location "Canada/LoginRefresh.asp".
By spec, redirect locations have to be absolute URLs.
This location is not even a server-relative URL with
absolute path, but a plain relative URL.
Most browsers will resolve relative redirect locations
before executing the redirect. This is not the case here.
As a result, HttpClient will check the validity of the cookie
path against a relative instead of an absolute URL path.
Randy, the log says that automatic redirects are disabled.
When your application handles the redirect, try to put a
"/" in front of the relative URL. Or generate an absolute
URL based on the original target URL. That should put
HttpClient back on track.
hope that helps,
Roland
Oleg Kalnichevski <ol...@apache.org>
17.02.2005 00:00
Please respond to
"HttpClient User Discussion"
To
HttpClient User Discussion <ht...@jakarta.apache.org>
cc
Subject
RE: Can someone please explain what these errors mean?
Randy
The path attribute of the cookie in question violates all imaginable
cookie specs.
Set-Cookie: TLTHID=8F72EB484561F88A535635A72C8A4536;
Domain=.marykay.ca;path=/
The cookie set from "Canada/LoginRefresh.asp" must have its path
starting with "Canada/". Does this cookie gets accepted by IE or Mozilla
Firefox?
Consider upgrading to HttpClient 3.0 as it supports pluggable custom
cookie specs. You can subclass the browser compatibility spec and make
it accept cookies with any path attribute.
http://jakarta.apache.org/commons/httpclient/3.0/cookies.html
http://jakarta.apache.org/commons/httpclient/3.0/preference-api.html
Oleg
On Wed, 2005-02-16 at 16:09 -0600, Randy Paries wrote:
> Thanks for you help
>
> I hope this helps
>
>
> 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java version: 1.4.2_04
> 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java vendor: Sun
> Microsystems Inc.
> 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java class path:
>
C:\j2sdk1.4.2_04\jre\lib\charsets.jar;C:\j2sdk1.4.2_04\jre\lib\jce.jar;C:\j2
>
sdk1.4.2_04\jre\lib\jsse.jar;C:\j2sdk1.4.2_04\jre\lib\plugin.jar;C:\j2sdk1.4
>
.2_04\jre\lib\rt.jar;C:\j2sdk1.4.2_04\jre\lib\sunrsasign.jar;C:\j2sdk1.4.2_0
>
4\jre\lib\ext\dnsns.jar;C:\j2sdk1.4.2_04\jre\lib\ext\ldapsec.jar;C:\j2sdk1.4
>
.2_04\jre\lib\ext\localedata.jar;C:\j2sdk1.4.2_04\jre\lib\ext\sunjce_provide
> r.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\classes;C:\Program
> Files\Apache Software Foundation\Tomcat 5.0\bin\bootstrap.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\commons-collections.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\naming-factory.jar;C:\Program
Files\Apache
> Software Foundation\Tomcat 5.0\common\lib\jsp-api.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\servlet-api.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\ant.jar;C:\Program Files\Apache
Software
> Foundation\Tomcat 5.0\common\lib\jasper-compiler.jar;C:\Program
Files\Apache
> Software Foundation\Tomcat
5.0\common\lib\naming-resources.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\naming-common.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\commons-dbcp-1.1.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\commons-pool-1.1.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\naming-java.jar;C:\Program Files\Apache
> Software Foundation\Tomcat 5.0\common\lib\jasper-runtime.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
>
5.0\common\lib\commons-el.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\a
>
ctivation.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\pop3.jar;C:\UnitN
>
et\UnitNetServlet\webapp\WEB-INF\lib\mail.jar;C:\UnitNet\UnitNetServlet\weba
>
pp\WEB-INF\lib\ActivSpell2.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\
>
imap.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\mailapi.jar;C:\UnitNet
>
\UnitNetServlet\webapp\WEB-INF\lib\jspellcheck.jar;C:\UnitNet\UnitNetServlet
>
\webapp\WEB-INF\lib\activspell.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\
>
lib\jspsmartupload.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\smtp.jar
>
;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\activscan.jar;C:\UnitNet\UnitN
>
etServlet\webapp\WEB-INF\lib\mysql-connector-java-3.0.14-production-bin.jar;
>
C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\acme.jar;C:\UnitNet\UnitNetServ
>
let\src\libcurl\eclipse\plugins\org.curl_1.0.0\libcurl.jar;C:\UnitNet\UnitNe
>
tServlet\htmlparser1_5\lib\htmlparser.jar;C:\UnitNet\UnitNetServlet\commons-
>
httpclient-2.0.2\commons-httpclient-2.0.2.jar;C:\IntelliJ-IDEA-4.0.3\lib\ide
> a_rt.jar
> 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system name:
> Windows XP
> 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
> architecture: x86
> 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
version:
> 5.1
> 2005/02/16 16:02:36:983 CST [DEBUG] HttpClient - -SUN 1.42: SUN (DSA
> key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
> X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
> CertPathBuilder; LDAP, Collection CertStores)
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE
> provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories,
> SSLv3, TLSv1)
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's
> provider for RSA signatures
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJCE 1.42: SunJCE
> Provider (implements DES, Triple DES, AES, Blowfish, PBE,
Diffie-Hellman,
> HMAC-MD5, HMAC-SHA1)
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJGSS 1.0: Sun
(Kerberos
> v5)
> 2005/02/16 16:02:43:593 CST [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2005/02/16 16:02:43:593 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> 2005/02/16 16:02:43:593 CST [DEBUG] header - ->> "GET
>
/Login.asp?PageID=1447&Directory=mkbiz/Canada/LoginRefresh.asp?PageID=1447&D
> irectory=mkbiz HTTP/1.1[\r][\n]"
> 2005/02/16 16:02:43:608 CST [DEBUG] HttpMethodBase - -Adding Host
request
> header
> 2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "User-Agent:
Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
> 2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "Host:
> www.marykay.ca[\r][\n]"
> 2005/02/16 16:02:44:062 CST [DEBUG] header - ->> "[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "HTTP/1.1 200
OK[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:02:44 GMT[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "X-Powered-By:
> ASP.NET[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Pragma:
No-Cache[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Length:
> 5099[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb
2005
> 22:02:44 GMT[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D;
expires=Fri,
> 18-Mar-2005 22:02:44 GMT; path=/[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: GUID=;
> path=/[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
LanguageID=1;
> path=/[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> LanguageDefaulted=True; path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ; path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Cache-control:
> private[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> TLTHID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> TLTUID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r]; path=/;
> expires=Wed, 16-02-2015 22:02:44 GMT[\r][\n]"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "GUID="
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageID=1"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageDefaulted=True"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTHID=6BC2644642F5132C7BE4178ECB8F15EA"
> 2005/02/16 16:02:44:437 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTUID=6BC2644642F5132C7BE4178ECB8F15EA"
> 2005/02/16 16:02:46:530 CST [DEBUG] HttpMethodBase - -Buffering response
> body
> 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Resorting to
protocol
> version default close connection policy
> 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1.
> 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Default charset
used:
> ISO-8859-1
> -----------------
> -----------------
> 2005/02/16 16:02:53:890 CST [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2005/02/16 16:02:53:890 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> 2005/02/16 16:02:53:890 CST [DEBUG] header - ->> "POST
> /Login.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
> 2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Adding Host
request
> header
> 2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Default charset
used:
> ISO-8859-1
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "User-Agent:
Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Host:
> www.marykay.ca[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie: GUID=[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> LanguageID=1[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> LanguageDefaulted=True[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
> TLTHID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
> TLTUID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Length:
> 98[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Type:
> application/x-www-form-urlencoded[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Using
buffered
> request body
> 2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Request
body
> sent
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "HTTP/1.1 100
> Continue[\r][\n]"
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:02:54 GMT[\r][\n]"
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "X-Powered-By:
> ASP.NET[\r][\n]"
> 2005/02/16 16:02:54:030 CST [INFO] HttpMethodBase - -Discarding
unexpected
> response: HTTP/1.1 100 Continue
> 2005/02/16 16:02:55:483 CST [DEBUG] header - -<< "HTTP/1.1 302 Object
> moved[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:02:54 GMT[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "X-Powered-By:
> ASP.NET[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma:
No-Cache[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma:
No-Cache[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Location:
> Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Length:
> 121[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb
2005
> 05:22:54 GMT[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Set-Cookie:
> SubsidiaryCode=CA; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> ContactID=21970231; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
LanguageID=1;
> domain=.marykay.ca; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> LanguageDefaulted=True; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> CustomerNumber=xxxxx; domain=.marykay.ca; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Cache-control:
> private[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> TLTSID=D9D92A57456F0181E5053FAE47A58E05z0; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> TLTHID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> TLTUID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r]; path=/;
> expires=Wed, 16-02-2015 22:02:54 GMT[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "SubsidiaryCode=CA"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "ContactID=21970231"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageID=1"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageDefaulted=True"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "CustomerNumber=xxxxx"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTSID=D9D92A57456F0181E5053FAE47A58E05z0"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTHID=D9D92A57456F0181E5053FAE47A58E05"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTUID=D9D92A57456F0181E5053FAE47A58E05"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Redirect required
> 2005/02/16 16:02:55:530 CST [INFO] HttpMethodBase - -Redirect requested
but
> followRedirects is disabled
> Login form post: HTTP/1.1 302 Object moved
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Buffering response
> body
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Resorting to
protocol
> version default close connection policy
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1.
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Default charset
used:
> ISO-8859-1
> -----------------
> -----------------
> Logon cookies:
> - ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D
> - LanguageID=1
> - ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ
> - SubsidiaryCode=CA
> - ContactID=21970231
> - GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D
> - LanguageID=1
> - LanguageDefaulted=True
> - CustomerNumber=xxxxx
> - TLTSID=D9D92A57456F0181E5053FAE47A58E05z0
> - TLTHID=D9D92A57456F0181E5053FAE47A58E05
> - TLTUID=D9D92A57456F0181E5053FAE47A58E05
> Redirect target: Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz
> 2005/02/16 16:03:13:390 CST [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "GET
> Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
> 2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Adding Host
request
> header
> 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/2.0.2[\r][\n]"
> 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "Host:
> www.marykay.ca[\r][\n]"
> 2005/02/16 16:03:13:405 CST [DEBUG] header - ->> "[\r][\n]"
> 2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "HTTP/1.1 400 Bad
> Request[\r][\n]"
> 2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:03:13 GMT[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Connection:
close[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Length:
> 87[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> TLTSID=8F72EB484561F88A535635A72C8A4536z0; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> TLTHID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> TLTUID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r]; path=/;
> expires=Wed, 16-02-2015 22:03:14 GMT[\r][\n]"
> 2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
> "TLTSID=8F72EB484561F88A535635A72C8A4536z0". Illegal path attribute "/".
> Path of origin: "Canada/LoginRefresh.asp"
> 2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
> "TLTHID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/".
Path
> of origin: "Canada/LoginRefresh.asp"
> 2005/02/16 16:03:13:546 CST [WARN] HttpMethodBase - -Cookie rejected:
> "TLTUID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/".
Path
> of origin: "Canada/LoginRefresh.asp"
> Redirect: HTTP/1.1 400 Bad Request
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Wednesday, February 16, 2005 2:55 PM
> To: HttpClient User Discussion
> Subject: RE: Can someone please explain what these errors mean?
>
> Randy,
>
> Please post a wire/context log of the HTTP session to this list. I'll
look
> at it tomorrow
>
> http://jakarta.apache.org/commons/httpclient/logging.html
>
> Oleg
>
> On Wed, 2005-02-16 at 10:05 -0600, Randy Paries wrote:
> > Hello
> >
> > Actually I do not have access to the backend, so I am unsure
> >
> > With my client I already do
> > client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
> >
> > Thanks
> >
> > -----Original Message-----
> > From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
> > Sent: Tuesday, February 15, 2005 6:58 PM
> > To: 'HttpClient User Discussion'
> > Subject: RE: Can someone please explain what these errors mean?
> >
> > Well,
> >
> > I can say that the TLTSID looks like a cookie that gets injected into
> > the HTTP headers by a product called Realitea from Tea Leaf
> > Technologies. Does your company use that product?
> >
> > Sounds like you want to explicitly set your cookie policy to
> > Compatibility and see if that helps.
> >
> > Good luck.
> >
> > Ken
> >
> > > -----Original Message-----
> > > From: Randy Paries [mailto:randy.paries@unitnet.com]
> > > Sent: Tuesday, February 15, 2005 4:23 PM
> > > To: 'HttpClient User Discussion'
> > > Subject: Can someone please explain what these errors mean?
> > >
> > > Hello,
> > >
> > > I am using httpClient to login into a site and then grab some data
> > > from a report
> > >
> > > After I post the login info, I get a 302 and I redirect to that
page.
> > >
> > > When I go to the redirected URL I get these error messages. Can
> > > someone explain what they mean?
> > >
> > > Thanks
> > >
> > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > processResponseHeaders
> > > WARNING: Cookie rejected:
"TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> > > Illegal path attribute "/". Path of origin:
"Canada/LoginRefresh.asp"
> > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > processResponseHeaders
> > > WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> > > Illegal
> > > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > processResponseHeaders
> > > WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> > > Illegal
> > > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > >
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > - To unsubscribe, e-mail:
> > > httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > > httpclient-user-help@jakarta.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Oleg Kalnichevski <ol...@apache.org>.
Randy
The path attribute of the cookie in question violates all imaginable
cookie specs.
Set-Cookie: TLTHID=8F72EB484561F88A535635A72C8A4536;
Domain=.marykay.ca;path=/
The cookie set from "Canada/LoginRefresh.asp" must have its path
starting with "Canada/". Does this cookie gets accepted by IE or Mozilla
Firefox?
Consider upgrading to HttpClient 3.0 as it supports pluggable custom
cookie specs. You can subclass the browser compatibility spec and make
it accept cookies with any path attribute.
http://jakarta.apache.org/commons/httpclient/3.0/cookies.html
http://jakarta.apache.org/commons/httpclient/3.0/preference-api.html
Oleg
On Wed, 2005-02-16 at 16:09 -0600, Randy Paries wrote:
> Thanks for you help
>
> I hope this helps
>
>
> 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java version: 1.4.2_04
> 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java vendor: Sun
> Microsystems Inc.
> 2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java class path:
> C:\j2sdk1.4.2_04\jre\lib\charsets.jar;C:\j2sdk1.4.2_04\jre\lib\jce.jar;C:\j2
> sdk1.4.2_04\jre\lib\jsse.jar;C:\j2sdk1.4.2_04\jre\lib\plugin.jar;C:\j2sdk1.4
> .2_04\jre\lib\rt.jar;C:\j2sdk1.4.2_04\jre\lib\sunrsasign.jar;C:\j2sdk1.4.2_0
> 4\jre\lib\ext\dnsns.jar;C:\j2sdk1.4.2_04\jre\lib\ext\ldapsec.jar;C:\j2sdk1.4
> .2_04\jre\lib\ext\localedata.jar;C:\j2sdk1.4.2_04\jre\lib\ext\sunjce_provide
> r.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\classes;C:\Program
> Files\Apache Software Foundation\Tomcat 5.0\bin\bootstrap.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\commons-collections.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\naming-factory.jar;C:\Program Files\Apache
> Software Foundation\Tomcat 5.0\common\lib\jsp-api.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\servlet-api.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\ant.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\jasper-compiler.jar;C:\Program Files\Apache
> Software Foundation\Tomcat 5.0\common\lib\naming-resources.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\naming-common.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\commons-dbcp-1.1.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\commons-pool-1.1.jar;C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\common\lib\naming-java.jar;C:\Program Files\Apache
> Software Foundation\Tomcat 5.0\common\lib\jasper-runtime.jar;C:\Program
> Files\Apache Software Foundation\Tomcat
> 5.0\common\lib\commons-el.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\a
> ctivation.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\pop3.jar;C:\UnitN
> et\UnitNetServlet\webapp\WEB-INF\lib\mail.jar;C:\UnitNet\UnitNetServlet\weba
> pp\WEB-INF\lib\ActivSpell2.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\
> imap.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\mailapi.jar;C:\UnitNet
> \UnitNetServlet\webapp\WEB-INF\lib\jspellcheck.jar;C:\UnitNet\UnitNetServlet
> \webapp\WEB-INF\lib\activspell.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\
> lib\jspsmartupload.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\smtp.jar
> ;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\activscan.jar;C:\UnitNet\UnitN
> etServlet\webapp\WEB-INF\lib\mysql-connector-java-3.0.14-production-bin.jar;
> C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\acme.jar;C:\UnitNet\UnitNetServ
> let\src\libcurl\eclipse\plugins\org.curl_1.0.0\libcurl.jar;C:\UnitNet\UnitNe
> tServlet\htmlparser1_5\lib\htmlparser.jar;C:\UnitNet\UnitNetServlet\commons-
> httpclient-2.0.2\commons-httpclient-2.0.2.jar;C:\IntelliJ-IDEA-4.0.3\lib\ide
> a_rt.jar
> 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system name:
> Windows XP
> 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
> architecture: x86
> 2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system version:
> 5.1
> 2005/02/16 16:02:36:983 CST [DEBUG] HttpClient - -SUN 1.42: SUN (DSA
> key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
> X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
> CertPathBuilder; LDAP, Collection CertStores)
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE
> provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories,
> SSLv3, TLSv1)
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's
> provider for RSA signatures
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJCE 1.42: SunJCE
> Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman,
> HMAC-MD5, HMAC-SHA1)
> 2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos
> v5)
> 2005/02/16 16:02:43:593 CST [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2005/02/16 16:02:43:593 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> 2005/02/16 16:02:43:593 CST [DEBUG] header - ->> "GET
> /Login.asp?PageID=1447&Directory=mkbiz/Canada/LoginRefresh.asp?PageID=1447&D
> irectory=mkbiz HTTP/1.1[\r][\n]"
> 2005/02/16 16:02:43:608 CST [DEBUG] HttpMethodBase - -Adding Host request
> header
> 2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "User-Agent: Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
> 2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "Host:
> www.marykay.ca[\r][\n]"
> 2005/02/16 16:02:44:062 CST [DEBUG] header - ->> "[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "HTTP/1.1 200 OK[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:02:44 GMT[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "X-Powered-By:
> ASP.NET[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Length:
> 5099[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb 2005
> 22:02:44 GMT[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D; expires=Fri,
> 18-Mar-2005 22:02:44 GMT; path=/[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: GUID=;
> path=/[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: LanguageID=1;
> path=/[\r][\n]"
> 2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
> LanguageDefaulted=True; path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ; path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Cache-control:
> private[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> TLTHID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
> TLTUID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r]; path=/;
> expires=Wed, 16-02-2015 22:02:44 GMT[\r][\n]"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "GUID="
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageID=1"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageDefaulted=True"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0"
> 2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTHID=6BC2644642F5132C7BE4178ECB8F15EA"
> 2005/02/16 16:02:44:437 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTUID=6BC2644642F5132C7BE4178ECB8F15EA"
> 2005/02/16 16:02:46:530 CST [DEBUG] HttpMethodBase - -Buffering response
> body
> 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Resorting to protocol
> version default close connection policy
> 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1.
> 2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Default charset used:
> ISO-8859-1
> -----------------
> -----------------
> 2005/02/16 16:02:53:890 CST [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2005/02/16 16:02:53:890 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> 2005/02/16 16:02:53:890 CST [DEBUG] header - ->> "POST
> /Login.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
> 2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Adding Host request
> header
> 2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Default charset used:
> ISO-8859-1
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "User-Agent: Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Host:
> www.marykay.ca[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie: GUID=[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> LanguageID=1[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> LanguageDefaulted=True[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ[\r][\n]"
> 2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
> TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
> TLTHID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
> TLTUID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Length:
> 98[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Type:
> application/x-www-form-urlencoded[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "[\r][\n]"
> 2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Using buffered
> request body
> 2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Request body
> sent
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "HTTP/1.1 100
> Continue[\r][\n]"
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:02:54 GMT[\r][\n]"
> 2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "X-Powered-By:
> ASP.NET[\r][\n]"
> 2005/02/16 16:02:54:030 CST [INFO] HttpMethodBase - -Discarding unexpected
> response: HTTP/1.1 100 Continue
> 2005/02/16 16:02:55:483 CST [DEBUG] header - -<< "HTTP/1.1 302 Object
> moved[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:02:54 GMT[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "X-Powered-By:
> ASP.NET[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Location:
> Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Length:
> 121[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb 2005
> 05:22:54 GMT[\r][\n]"
> 2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Set-Cookie:
> SubsidiaryCode=CA; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> ContactID=21970231; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie: LanguageID=1;
> domain=.marykay.ca; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> LanguageDefaulted=True; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> CustomerNumber=xxxxx; domain=.marykay.ca; path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Cache-control:
> private[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> TLTSID=D9D92A57456F0181E5053FAE47A58E05z0; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> TLTHID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
> TLTUID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r]; path=/;
> expires=Wed, 16-02-2015 22:02:54 GMT[\r][\n]"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "SubsidiaryCode=CA"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "ContactID=21970231"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageID=1"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "LanguageDefaulted=True"
> 2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "CustomerNumber=xxxxx"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTSID=D9D92A57456F0181E5053FAE47A58E05z0"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTHID=D9D92A57456F0181E5053FAE47A58E05"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
> "TLTUID=D9D92A57456F0181E5053FAE47A58E05"
> 2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Redirect required
> 2005/02/16 16:02:55:530 CST [INFO] HttpMethodBase - -Redirect requested but
> followRedirects is disabled
> Login form post: HTTP/1.1 302 Object moved
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Buffering response
> body
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Resorting to protocol
> version default close connection policy
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Should NOT close
> connection, using HTTP/1.1.
> 2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Default charset used:
> ISO-8859-1
> -----------------
> -----------------
> Logon cookies:
> - ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D
> - LanguageID=1
> - ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ
> - SubsidiaryCode=CA
> - ContactID=21970231
> - GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D
> - LanguageID=1
> - LanguageDefaulted=True
> - CustomerNumber=xxxxx
> - TLTSID=D9D92A57456F0181E5053FAE47A58E05z0
> - TLTHID=D9D92A57456F0181E5053FAE47A58E05
> - TLTUID=D9D92A57456F0181E5053FAE47A58E05
> Redirect target: Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz
> 2005/02/16 16:03:13:390 CST [DEBUG] HttpConnection -
> -HttpConnection.setSoTimeout(0)
> 2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Execute loop try 1
> 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "GET
> Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
> 2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Adding Host request
> header
> 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "User-Agent: Jakarta
> Commons-HttpClient/2.0.2[\r][\n]"
> 2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "Host:
> www.marykay.ca[\r][\n]"
> 2005/02/16 16:03:13:405 CST [DEBUG] header - ->> "[\r][\n]"
> 2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "HTTP/1.1 400 Bad
> Request[\r][\n]"
> 2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "Server:
> Microsoft-IIS/5.0[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
> 22:03:13 GMT[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Connection: close[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Type:
> text/html[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Length:
> 87[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> TLTSID=8F72EB484561F88A535635A72C8A4536z0; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> TLTHID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r];
> path=/[\r][\n]"
> 2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
> TLTUID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r]; path=/;
> expires=Wed, 16-02-2015 22:03:14 GMT[\r][\n]"
> 2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
> "TLTSID=8F72EB484561F88A535635A72C8A4536z0". Illegal path attribute "/".
> Path of origin: "Canada/LoginRefresh.asp"
> 2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
> "TLTHID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/". Path
> of origin: "Canada/LoginRefresh.asp"
> 2005/02/16 16:03:13:546 CST [WARN] HttpMethodBase - -Cookie rejected:
> "TLTUID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/". Path
> of origin: "Canada/LoginRefresh.asp"
> Redirect: HTTP/1.1 400 Bad Request
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Wednesday, February 16, 2005 2:55 PM
> To: HttpClient User Discussion
> Subject: RE: Can someone please explain what these errors mean?
>
> Randy,
>
> Please post a wire/context log of the HTTP session to this list. I'll look
> at it tomorrow
>
> http://jakarta.apache.org/commons/httpclient/logging.html
>
> Oleg
>
> On Wed, 2005-02-16 at 10:05 -0600, Randy Paries wrote:
> > Hello
> >
> > Actually I do not have access to the backend, so I am unsure
> >
> > With my client I already do
> > client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
> >
> > Thanks
> >
> > -----Original Message-----
> > From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
> > Sent: Tuesday, February 15, 2005 6:58 PM
> > To: 'HttpClient User Discussion'
> > Subject: RE: Can someone please explain what these errors mean?
> >
> > Well,
> >
> > I can say that the TLTSID looks like a cookie that gets injected into
> > the HTTP headers by a product called Realitea from Tea Leaf
> > Technologies. Does your company use that product?
> >
> > Sounds like you want to explicitly set your cookie policy to
> > Compatibility and see if that helps.
> >
> > Good luck.
> >
> > Ken
> >
> > > -----Original Message-----
> > > From: Randy Paries [mailto:randy.paries@unitnet.com]
> > > Sent: Tuesday, February 15, 2005 4:23 PM
> > > To: 'HttpClient User Discussion'
> > > Subject: Can someone please explain what these errors mean?
> > >
> > > Hello,
> > >
> > > I am using httpClient to login into a site and then grab some data
> > > from a report
> > >
> > > After I post the login info, I get a 302 and I redirect to that page.
> > >
> > > When I go to the redirected URL I get these error messages. Can
> > > someone explain what they mean?
> > >
> > > Thanks
> > >
> > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > processResponseHeaders
> > > WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> > > Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > processResponseHeaders
> > > WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> > > Illegal
> > > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > > processResponseHeaders
> > > WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> > > Illegal
> > > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > >
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > - To unsubscribe, e-mail:
> > > httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > > httpclient-user-help@jakarta.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Randy Paries <ra...@unitnet.com>.
Thanks for you help
I hope this helps
2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java version: 1.4.2_04
2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java vendor: Sun
Microsystems Inc.
2005/02/16 16:02:36:374 CST [DEBUG] HttpClient - -Java class path:
C:\j2sdk1.4.2_04\jre\lib\charsets.jar;C:\j2sdk1.4.2_04\jre\lib\jce.jar;C:\j2
sdk1.4.2_04\jre\lib\jsse.jar;C:\j2sdk1.4.2_04\jre\lib\plugin.jar;C:\j2sdk1.4
.2_04\jre\lib\rt.jar;C:\j2sdk1.4.2_04\jre\lib\sunrsasign.jar;C:\j2sdk1.4.2_0
4\jre\lib\ext\dnsns.jar;C:\j2sdk1.4.2_04\jre\lib\ext\ldapsec.jar;C:\j2sdk1.4
.2_04\jre\lib\ext\localedata.jar;C:\j2sdk1.4.2_04\jre\lib\ext\sunjce_provide
r.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\classes;C:\Program
Files\Apache Software Foundation\Tomcat 5.0\bin\bootstrap.jar;C:\Program
Files\Apache Software Foundation\Tomcat
5.0\common\lib\commons-collections.jar;C:\Program Files\Apache Software
Foundation\Tomcat 5.0\common\lib\naming-factory.jar;C:\Program Files\Apache
Software Foundation\Tomcat 5.0\common\lib\jsp-api.jar;C:\Program
Files\Apache Software Foundation\Tomcat
5.0\common\lib\servlet-api.jar;C:\Program Files\Apache Software
Foundation\Tomcat 5.0\common\lib\ant.jar;C:\Program Files\Apache Software
Foundation\Tomcat 5.0\common\lib\jasper-compiler.jar;C:\Program Files\Apache
Software Foundation\Tomcat 5.0\common\lib\naming-resources.jar;C:\Program
Files\Apache Software Foundation\Tomcat
5.0\common\lib\naming-common.jar;C:\Program Files\Apache Software
Foundation\Tomcat 5.0\common\lib\commons-dbcp-1.1.jar;C:\Program
Files\Apache Software Foundation\Tomcat
5.0\common\lib\commons-pool-1.1.jar;C:\Program Files\Apache Software
Foundation\Tomcat 5.0\common\lib\naming-java.jar;C:\Program Files\Apache
Software Foundation\Tomcat 5.0\common\lib\jasper-runtime.jar;C:\Program
Files\Apache Software Foundation\Tomcat
5.0\common\lib\commons-el.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\a
ctivation.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\pop3.jar;C:\UnitN
et\UnitNetServlet\webapp\WEB-INF\lib\mail.jar;C:\UnitNet\UnitNetServlet\weba
pp\WEB-INF\lib\ActivSpell2.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\
imap.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\mailapi.jar;C:\UnitNet
\UnitNetServlet\webapp\WEB-INF\lib\jspellcheck.jar;C:\UnitNet\UnitNetServlet
\webapp\WEB-INF\lib\activspell.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\
lib\jspsmartupload.jar;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\smtp.jar
;C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\activscan.jar;C:\UnitNet\UnitN
etServlet\webapp\WEB-INF\lib\mysql-connector-java-3.0.14-production-bin.jar;
C:\UnitNet\UnitNetServlet\webapp\WEB-INF\lib\acme.jar;C:\UnitNet\UnitNetServ
let\src\libcurl\eclipse\plugins\org.curl_1.0.0\libcurl.jar;C:\UnitNet\UnitNe
tServlet\htmlparser1_5\lib\htmlparser.jar;C:\UnitNet\UnitNetServlet\commons-
httpclient-2.0.2\commons-httpclient-2.0.2.jar;C:\IntelliJ-IDEA-4.0.3\lib\ide
a_rt.jar
2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system name:
Windows XP
2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system
architecture: x86
2005/02/16 16:02:36:390 CST [DEBUG] HttpClient - -Operating system version:
5.1
2005/02/16 16:02:36:983 CST [DEBUG] HttpClient - -SUN 1.42: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
CertPathBuilder; LDAP, Collection CertStores)
2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJSSE 1.42: Sun JSSE
provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories,
SSLv3, TLSv1)
2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunRsaSign 1.42: SUN's
provider for RSA signatures
2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJCE 1.42: SunJCE
Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman,
HMAC-MD5, HMAC-SHA1)
2005/02/16 16:02:36:999 CST [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos
v5)
2005/02/16 16:02:43:593 CST [DEBUG] HttpConnection -
-HttpConnection.setSoTimeout(0)
2005/02/16 16:02:43:593 CST [DEBUG] HttpMethodBase - -Execute loop try 1
2005/02/16 16:02:43:593 CST [DEBUG] header - ->> "GET
/Login.asp?PageID=1447&Directory=mkbiz/Canada/LoginRefresh.asp?PageID=1447&D
irectory=mkbiz HTTP/1.1[\r][\n]"
2005/02/16 16:02:43:608 CST [DEBUG] HttpMethodBase - -Adding Host request
header
2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "User-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
2005/02/16 16:02:43:624 CST [DEBUG] header - ->> "Host:
www.marykay.ca[\r][\n]"
2005/02/16 16:02:44:062 CST [DEBUG] header - ->> "[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "HTTP/1.1 200 OK[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Server:
Microsoft-IIS/5.0[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
22:02:44 GMT[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "X-Powered-By:
ASP.NET[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Length:
5099[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Content-Type:
text/html[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb 2005
22:02:44 GMT[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D; expires=Fri,
18-Mar-2005 22:02:44 GMT; path=/[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: GUID=;
path=/[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie: LanguageID=1;
path=/[\r][\n]"
2005/02/16 16:02:44:233 CST [DEBUG] header - -<< "Set-Cookie:
LanguageDefaulted=True; path=/[\r][\n]"
2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ; path=/[\r][\n]"
2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Cache-control:
private[\r][\n]"
2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0; Domain=.marykay.ca[\r];
path=/[\r][\n]"
2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
TLTHID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r];
path=/[\r][\n]"
2005/02/16 16:02:44:249 CST [DEBUG] header - -<< "Set-Cookie:
TLTUID=6BC2644642F5132C7BE4178ECB8F15EA; Domain=.marykay.ca[\r]; path=/;
expires=Wed, 16-02-2015 22:02:44 GMT[\r][\n]"
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D"
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"GUID="
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"LanguageID=1"
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"LanguageDefaulted=True"
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ"
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0"
2005/02/16 16:02:44:421 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"TLTHID=6BC2644642F5132C7BE4178ECB8F15EA"
2005/02/16 16:02:44:437 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"TLTUID=6BC2644642F5132C7BE4178ECB8F15EA"
2005/02/16 16:02:46:530 CST [DEBUG] HttpMethodBase - -Buffering response
body
2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Resorting to protocol
version default close connection policy
2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Should NOT close
connection, using HTTP/1.1.
2005/02/16 16:02:46:546 CST [DEBUG] HttpMethodBase - -Default charset used:
ISO-8859-1
-----------------
-----------------
2005/02/16 16:02:53:890 CST [DEBUG] HttpConnection -
-HttpConnection.setSoTimeout(0)
2005/02/16 16:02:53:890 CST [DEBUG] HttpMethodBase - -Execute loop try 1
2005/02/16 16:02:53:890 CST [DEBUG] header - ->> "POST
/Login.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Adding Host request
header
2005/02/16 16:02:53:905 CST [DEBUG] HttpMethodBase - -Default charset used:
ISO-8859-1
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "User-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Host:
www.marykay.ca[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie: GUID=[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
LanguageID=1[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
LanguageDefaulted=True[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ[\r][\n]"
2005/02/16 16:02:53:921 CST [DEBUG] header - ->> "Cookie:
TLTSID=6BC2644642F5132C7BE4178ECB8F15EAz0[\r][\n]"
2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
TLTHID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Cookie:
TLTUID=6BC2644642F5132C7BE4178ECB8F15EA[\r][\n]"
2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Length:
98[\r][\n]"
2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "Content-Type:
application/x-www-form-urlencoded[\r][\n]"
2005/02/16 16:02:53:937 CST [DEBUG] header - ->> "[\r][\n]"
2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Using buffered
request body
2005/02/16 16:02:53:937 CST [DEBUG] EntityEnclosingMethod - -Request body
sent
2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "HTTP/1.1 100
Continue[\r][\n]"
2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Server:
Microsoft-IIS/5.0[\r][\n]"
2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
22:02:54 GMT[\r][\n]"
2005/02/16 16:02:54:030 CST [DEBUG] header - -<< "X-Powered-By:
ASP.NET[\r][\n]"
2005/02/16 16:02:54:030 CST [INFO] HttpMethodBase - -Discarding unexpected
response: HTTP/1.1 100 Continue
2005/02/16 16:02:55:483 CST [DEBUG] header - -<< "HTTP/1.1 302 Object
moved[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Server:
Microsoft-IIS/5.0[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
22:02:54 GMT[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "X-Powered-By:
ASP.NET[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Pragma: No-Cache[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Location:
Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Length:
121[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Content-Type:
text/html[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Expires: Wed, 16 Feb 2005
05:22:54 GMT[\r][\n]"
2005/02/16 16:02:55:499 CST [DEBUG] header - -<< "Set-Cookie:
SubsidiaryCode=CA; path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
ContactID=21970231; path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D; path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie: LanguageID=1;
domain=.marykay.ca; path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
LanguageDefaulted=True; path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
CustomerNumber=xxxxx; domain=.marykay.ca; path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Cache-control:
private[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
TLTSID=D9D92A57456F0181E5053FAE47A58E05z0; Domain=.marykay.ca[\r];
path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
TLTHID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r];
path=/[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] header - -<< "Set-Cookie:
TLTUID=D9D92A57456F0181E5053FAE47A58E05; Domain=.marykay.ca[\r]; path=/;
expires=Wed, 16-02-2015 22:02:54 GMT[\r][\n]"
2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"SubsidiaryCode=CA"
2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"ContactID=21970231"
2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D"
2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"LanguageID=1"
2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"LanguageDefaulted=True"
2005/02/16 16:02:55:515 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"CustomerNumber=xxxxx"
2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"TLTSID=D9D92A57456F0181E5053FAE47A58E05z0"
2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"TLTHID=D9D92A57456F0181E5053FAE47A58E05"
2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Cookie accepted:
"TLTUID=D9D92A57456F0181E5053FAE47A58E05"
2005/02/16 16:02:55:530 CST [DEBUG] HttpMethodBase - -Redirect required
2005/02/16 16:02:55:530 CST [INFO] HttpMethodBase - -Redirect requested but
followRedirects is disabled
Login form post: HTTP/1.1 302 Object moved
2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Buffering response
body
2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Resorting to protocol
version default close connection policy
2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Should NOT close
connection, using HTTP/1.1.
2005/02/16 16:02:59:655 CST [DEBUG] HttpMethodBase - -Default charset used:
ISO-8859-1
-----------------
-----------------
Logon cookies:
- ShopperID=%7BFE4F7ADB%2D06CA%2D406F%2DBEC2%2D2769E57EEDBE%7D
- LanguageID=1
- ASPSESSIONIDSSCCQCSC=BAJBGEEBEFIAPINIPPOKAKDJ
- SubsidiaryCode=CA
- ContactID=21970231
- GUID=%7B7E5D154F%2DCECA%2D46A8%2D99C2%2D2CA6BA3F8D21%7D
- LanguageID=1
- LanguageDefaulted=True
- CustomerNumber=xxxxx
- TLTSID=D9D92A57456F0181E5053FAE47A58E05z0
- TLTHID=D9D92A57456F0181E5053FAE47A58E05
- TLTUID=D9D92A57456F0181E5053FAE47A58E05
Redirect target: Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz
2005/02/16 16:03:13:390 CST [DEBUG] HttpConnection -
-HttpConnection.setSoTimeout(0)
2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Execute loop try 1
2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "GET
Canada/LoginRefresh.asp?PageID=1447&Directory=mkbiz HTTP/1.1[\r][\n]"
2005/02/16 16:03:13:390 CST [DEBUG] HttpMethodBase - -Adding Host request
header
2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "User-Agent: Jakarta
Commons-HttpClient/2.0.2[\r][\n]"
2005/02/16 16:03:13:390 CST [DEBUG] header - ->> "Host:
www.marykay.ca[\r][\n]"
2005/02/16 16:03:13:405 CST [DEBUG] header - ->> "[\r][\n]"
2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "HTTP/1.1 400 Bad
Request[\r][\n]"
2005/02/16 16:03:13:515 CST [DEBUG] header - -<< "Server:
Microsoft-IIS/5.0[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Date: Wed, 16 Feb 2005
22:03:13 GMT[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Connection: close[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Type:
text/html[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Content-Length:
87[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
TLTSID=8F72EB484561F88A535635A72C8A4536z0; Domain=.marykay.ca[\r];
path=/[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
TLTHID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r];
path=/[\r][\n]"
2005/02/16 16:03:13:530 CST [DEBUG] header - -<< "Set-Cookie:
TLTUID=8F72EB484561F88A535635A72C8A4536; Domain=.marykay.ca[\r]; path=/;
expires=Wed, 16-02-2015 22:03:14 GMT[\r][\n]"
2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
"TLTSID=8F72EB484561F88A535635A72C8A4536z0". Illegal path attribute "/".
Path of origin: "Canada/LoginRefresh.asp"
2005/02/16 16:03:13:530 CST [WARN] HttpMethodBase - -Cookie rejected:
"TLTHID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/". Path
of origin: "Canada/LoginRefresh.asp"
2005/02/16 16:03:13:546 CST [WARN] HttpMethodBase - -Cookie rejected:
"TLTUID=8F72EB484561F88A535635A72C8A4536". Illegal path attribute "/". Path
of origin: "Canada/LoginRefresh.asp"
Redirect: HTTP/1.1 400 Bad Request
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Wednesday, February 16, 2005 2:55 PM
To: HttpClient User Discussion
Subject: RE: Can someone please explain what these errors mean?
Randy,
Please post a wire/context log of the HTTP session to this list. I'll look
at it tomorrow
http://jakarta.apache.org/commons/httpclient/logging.html
Oleg
On Wed, 2005-02-16 at 10:05 -0600, Randy Paries wrote:
> Hello
>
> Actually I do not have access to the backend, so I am unsure
>
> With my client I already do
> client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
>
> Thanks
>
> -----Original Message-----
> From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
> Sent: Tuesday, February 15, 2005 6:58 PM
> To: 'HttpClient User Discussion'
> Subject: RE: Can someone please explain what these errors mean?
>
> Well,
>
> I can say that the TLTSID looks like a cookie that gets injected into
> the HTTP headers by a product called Realitea from Tea Leaf
> Technologies. Does your company use that product?
>
> Sounds like you want to explicitly set your cookie policy to
> Compatibility and see if that helps.
>
> Good luck.
>
> Ken
>
> > -----Original Message-----
> > From: Randy Paries [mailto:randy.paries@unitnet.com]
> > Sent: Tuesday, February 15, 2005 4:23 PM
> > To: 'HttpClient User Discussion'
> > Subject: Can someone please explain what these errors mean?
> >
> > Hello,
> >
> > I am using httpClient to login into a site and then grab some data
> > from a report
> >
> > After I post the login info, I get a 302 and I redirect to that page.
> >
> > When I go to the redirected URL I get these error messages. Can
> > someone explain what they mean?
> >
> > Thanks
> >
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> > Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> > Illegal
> > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> > Illegal
> > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> >
> >
> >
> >
> > --------------------------------------------------------------------
> > - To unsubscribe, e-mail:
> > httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Oleg Kalnichevski <ol...@apache.org>.
Randy,
Please post a wire/context log of the HTTP session to this list. I'll
look at it tomorrow
http://jakarta.apache.org/commons/httpclient/logging.html
Oleg
On Wed, 2005-02-16 at 10:05 -0600, Randy Paries wrote:
> Hello
>
> Actually I do not have access to the backend, so I am unsure
>
> With my client I already do
> client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
>
> Thanks
>
> -----Original Message-----
> From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
> Sent: Tuesday, February 15, 2005 6:58 PM
> To: 'HttpClient User Discussion'
> Subject: RE: Can someone please explain what these errors mean?
>
> Well,
>
> I can say that the TLTSID looks like a cookie that gets injected into the
> HTTP headers by a product called Realitea from Tea Leaf Technologies. Does
> your company use that product?
>
> Sounds like you want to explicitly set your cookie policy to Compatibility
> and see if that helps.
>
> Good luck.
>
> Ken
>
> > -----Original Message-----
> > From: Randy Paries [mailto:randy.paries@unitnet.com]
> > Sent: Tuesday, February 15, 2005 4:23 PM
> > To: 'HttpClient User Discussion'
> > Subject: Can someone please explain what these errors mean?
> >
> > Hello,
> >
> > I am using httpClient to login into a site and then grab some data
> > from a report
> >
> > After I post the login info, I get a 302 and I redirect to that page.
> >
> > When I go to the redirected URL I get these error messages. Can
> > someone explain what they mean?
> >
> > Thanks
> >
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> > Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> > Illegal
> > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> > Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> > processResponseHeaders
> > WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> > Illegal
> > path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > httpclient-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Randy Paries <ra...@unitnet.com>.
Hello
Actually I do not have access to the backend, so I am unsure
With my client I already do
client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
Thanks
-----Original Message-----
From: Kenneth Wilcox [mailto:kwilcox75@cox.net]
Sent: Tuesday, February 15, 2005 6:58 PM
To: 'HttpClient User Discussion'
Subject: RE: Can someone please explain what these errors mean?
Well,
I can say that the TLTSID looks like a cookie that gets injected into the
HTTP headers by a product called Realitea from Tea Leaf Technologies. Does
your company use that product?
Sounds like you want to explicitly set your cookie policy to Compatibility
and see if that helps.
Good luck.
Ken
> -----Original Message-----
> From: Randy Paries [mailto:randy.paries@unitnet.com]
> Sent: Tuesday, February 15, 2005 4:23 PM
> To: 'HttpClient User Discussion'
> Subject: Can someone please explain what these errors mean?
>
> Hello,
>
> I am using httpClient to login into a site and then grab some data
> from a report
>
> After I post the login info, I get a 302 and I redirect to that page.
>
> When I go to the redirected URL I get these error messages. Can
> someone explain what they mean?
>
> Thanks
>
> Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> processResponseHeaders
> WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> processResponseHeaders
> WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> Illegal
> path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> processResponseHeaders
> WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> Illegal
> path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: Can someone please explain what these errors mean?
Posted by Kenneth Wilcox <kw...@cox.net>.
Well,
I can say that the TLTSID looks like a cookie that gets injected into the
HTTP headers by a product called Realitea from Tea Leaf Technologies. Does
your company use that product?
Sounds like you want to explicitly set your cookie policy to Compatibility
and see if that helps.
Good luck.
Ken
> -----Original Message-----
> From: Randy Paries [mailto:randy.paries@unitnet.com]
> Sent: Tuesday, February 15, 2005 4:23 PM
> To: 'HttpClient User Discussion'
> Subject: Can someone please explain what these errors mean?
>
> Hello,
>
> I am using httpClient to login into a site and then grab some data from a
> report
>
> After I post the login info, I get a 302 and I redirect to that page.
>
> When I go to the redirected URL I get these error messages. Can someone
> explain what they mean?
>
> Thanks
>
> Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> processResponseHeaders
> WARNING: Cookie rejected: "TLTSID=8E757A8C4BA2C4038B0F1FB931593E14z0".
> Illegal path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> processResponseHeaders
> WARNING: Cookie rejected: "TLTHID=8E757A8C4BA2C4038B0F1FB931593E14".
> Illegal
> path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
> Feb 15, 2005 3:03:40 PM org.apache.commons.httpclient.HttpMethodBase
> processResponseHeaders
> WARNING: Cookie rejected: "TLTUID=8E757A8C4BA2C4038B0F1FB931593E14".
> Illegal
> path attribute "/". Path of origin: "Canada/LoginRefresh.asp"
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org