You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "freetwix (JIRA)" <ji...@apache.org> on 2008/12/11 18:35:45 UTC
[jira] Created: (HTTPCLIENT-810) cookie value parsing
cookie value parsing
--------------------
Key: HTTPCLIENT-810
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-810
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpCookie
Affects Versions: 3.1 Final
Environment: jmeter test (using jmeter 2.3.2)
Reporter: freetwix
A cookie is set in a request like this:
Set-Cookie: cookiename=|foo=yyy,bar=xxx|; secure; path=/
The resulting cookie in the next request looks like this:
cookiename=|foo=yyy; bar=xxx|;
as far as i understand, the one cookie is parsed into 2 cookies. jmeter seems to use httpclient-3.1 for the parsing. is this an issue for you?
greets,
freetwix
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] Commented: (HTTPCLIENT-810) cookie value parsing
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12655993#action_12655993 ]
Oleg Kalnichevski commented on HTTPCLIENT-810:
----------------------------------------------
freetwix, with all due respect, but you brought the statement about Cookie header as an argument in the first place
"...Note: For backward compatibility, the separator in the Cookie header ..."
Comma is the header element separator and because of that it MAY NOT be used in cookie values unless enclosed in quote marks. Therefore HttpClient correctly splits the Set-Cookie value into "cookiename=|foo=yyy" and "bar=xxx|; secure; path=/"
Oleg
> cookie value parsing
> --------------------
>
> Key: HTTPCLIENT-810
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-810
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 3.1 Final
> Environment: jmeter test (using jmeter 2.3.2)
> Reporter: freetwix
>
> A cookie is set in a request like this:
> Set-Cookie: cookiename=|foo=yyy,bar=xxx|; secure; path=/
> The resulting cookie in the next request looks like this:
> cookiename=|foo=yyy; bar=xxx|;
> as far as i understand, the one cookie is parsed into 2 cookies. jmeter seems to use httpclient-3.1 for the parsing. is this an issue for you?
> greets,
> freetwix
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] Commented: (HTTPCLIENT-810) cookie value parsing
Posted by "freetwix (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12655979#action_12655979 ]
freetwix commented on HTTPCLIENT-810:
-------------------------------------
i don't get the point (i understand that httpclient don't want to support all the browser ugliness, though).
the rfc part you bring as a counter-argument is for sending the cookie. there is the only valid use of a comma as a separator, but only for the separation of the cookie-version (nobody seems to use).
but the the important part for me is the parsing of a Set-Cookie header and the note, that a comma as a separator between cookie-values should be supported (which is described again in the sending of the cookie - that's the weak point of the spec). i can't see in the rfc why a comma separated cookie value is split up into multiple cookies. the onyl valid separator is a semicolon!
i don't want to write my own cookie spec, you misunderstood me in this point. there are some arguments that other implementations of cookie parsing seem to handle cookies the way i understand the rfc in this weird case and even jmeter in older versions supported these cookies. now they switched to httpclient (which is a good idea, i think, cause why reinvent the wheel) but that is a problem for me now. especially if httpclient will be the defacto standard for cookie parsing in java world.
i really honour the work you are doing providing the commons for the community, thx.
greets,
freetwix
> cookie value parsing
> --------------------
>
> Key: HTTPCLIENT-810
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-810
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 3.1 Final
> Environment: jmeter test (using jmeter 2.3.2)
> Reporter: freetwix
>
> A cookie is set in a request like this:
> Set-Cookie: cookiename=|foo=yyy,bar=xxx|; secure; path=/
> The resulting cookie in the next request looks like this:
> cookiename=|foo=yyy; bar=xxx|;
> as far as i understand, the one cookie is parsed into 2 cookies. jmeter seems to use httpclient-3.1 for the parsing. is this an issue for you?
> greets,
> freetwix
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] Resolved: (HTTPCLIENT-810) cookie value parsing
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-810.
------------------------------------------
Resolution: Invalid
Because there are two cookies in the header. See http://www.faqs.org/rfcs/rfc2965.html
Oleg
> cookie value parsing
> --------------------
>
> Key: HTTPCLIENT-810
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-810
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 3.1 Final
> Environment: jmeter test (using jmeter 2.3.2)
> Reporter: freetwix
>
> A cookie is set in a request like this:
> Set-Cookie: cookiename=|foo=yyy,bar=xxx|; secure; path=/
> The resulting cookie in the next request looks like this:
> cookiename=|foo=yyy; bar=xxx|;
> as far as i understand, the one cookie is parsed into 2 cookies. jmeter seems to use httpclient-3.1 for the parsing. is this an issue for you?
> greets,
> freetwix
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] Reopened: (HTTPCLIENT-810) cookie value parsing
Posted by "freetwix (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
freetwix reopened HTTPCLIENT-810:
---------------------------------
There are 2 points against it:
1) in http://www.faqs.org/rfcs/rfc2965.html
Note: For backward compatibility, the separator in the Cookie header
is semi-colon (;) everywhere. A server SHOULD also accept comma (,)
as the separator between cookie-values for future compatibility.
for me this means a comma is valid between cookie values (ok, it must not be supported)
2) every a-browser handles this Set-Cookie call correctly as one cookie
an argument for u?
> cookie value parsing
> --------------------
>
> Key: HTTPCLIENT-810
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-810
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 3.1 Final
> Environment: jmeter test (using jmeter 2.3.2)
> Reporter: freetwix
>
> A cookie is set in a request like this:
> Set-Cookie: cookiename=|foo=yyy,bar=xxx|; secure; path=/
> The resulting cookie in the next request looks like this:
> cookiename=|foo=yyy; bar=xxx|;
> as far as i understand, the one cookie is parsed into 2 cookies. jmeter seems to use httpclient-3.1 for the parsing. is this an issue for you?
> greets,
> freetwix
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] Resolved: (HTTPCLIENT-810) cookie value parsing
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-810.
------------------------------------------
Resolution: Invalid
> an argument for u?
No. HttpClient is NOT a browser. As to your first point, please take a look at the definition of the cookie-value
---
cookie = "Cookie:" cookie-version 1*((";" | ",") cookie-value)
cookie-value = NAME "=" VALUE [";" path] [";" domain] [";" port]
---
If you are not happy with the way HttpClient handles cookies feel free to implement your own CookieSpec and parse cookie headers whichever way you deem appropriate.
Oleg
> cookie value parsing
> --------------------
>
> Key: HTTPCLIENT-810
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-810
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 3.1 Final
> Environment: jmeter test (using jmeter 2.3.2)
> Reporter: freetwix
>
> A cookie is set in a request like this:
> Set-Cookie: cookiename=|foo=yyy,bar=xxx|; secure; path=/
> The resulting cookie in the next request looks like this:
> cookiename=|foo=yyy; bar=xxx|;
> as far as i understand, the one cookie is parsed into 2 cookies. jmeter seems to use httpclient-3.1 for the parsing. is this an issue for you?
> greets,
> freetwix
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org