You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by "Villemos, Gert" <ge...@logica.com> on 2011/07/20 11:25:51 UTC
Understanding cookie handling - registering cookies returned in a response
Well, I dont understand cookie handling. I have read the very detailed
guide at
http://hc.apache.org/httpcomponents-client-ga/tutorial/pdf/httpclient-tu
torial.pdf and a lot of posts, but I still don't get it.
In understand that you typically have a cookie store maintaining the
session cookies, that you set on the client / context.
What I don't get is this;
1. What is the difference between setting the cookie store on the client
and on the context?
2. When I have set a cookiestore (on client and context) and execute a
post that returns a response with cookies (such as JSESSIONID), then I
would expect those cookies to be registered automatically in the cookie
store for usage in the next request... but they aint (store is empty,
see below).
3. Do I need to register the cookies manually and how do I do this?
Snippet of my code;
DefaultHttpClient client = new DefaultHttpClient();
CookieStore cookieStore = new BasicCookieStore();
client.setCookieStore(cookieStore);
client.getParams().setParameter(ClientPNames.COOKIE_POLICY,
CookiePolicy.RFC_2965);
URI uri = new URI(theUri);
HttpHost target = new HttpHost(theDomain, thePort theProtocol);
HttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
HttpUriRequest method = new HttpPost(uri);
HttpResponse response = client.execute(target, method, localContext);
Redirect response contains "HTTP/1.1 302 Moved Temporarily [Date: XXX,
Server: Apache/2.2.3 (Red Hat), Set-Cookie:
JSESSIONID=9DD78EDA4296273637AC8B0A16D665B5; Path=/myPath; Secure,
Set-Cookie: q=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/,
Location: [myLocation], Content-Length: 0, Connection: close,
Content-Type: text/html;charset=UTF-8]
However the Cookiestore is empty.
Think green - keep it on the screen.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: Understanding cookie handling - registering cookies returned
in a response
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2011-07-21 at 00:28 +0200, Villemos, Gert wrote:
> Indeed. Changing the policy to BEST-MATCH, the cookies are now registered as expected.
>
> Another problem; The return of the POST request is a 302 response with a new target. How do I follow the redirect to the actual page? Do I have to do a GET myself? Reading the documentation it seems as if redirects should be followed automatically, i.e. I would expect a GET to be automatically executed after the POST.
>
> As far as I can see, I do not change the redirect settings anywhere in my code.
>
>
Please see javadocs in this class for a detail explanation
http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultRedirectStrategy.java
You can force HttpClient to automatically redirect POST requests in all
cases by using a custom redirect strategy such as this one
http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/LaxRedirectStrategy.java
Oleg
>
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: Wed 7/20/2011 4:03 PM
> To: HttpClient User Discussion
> Subject: Re: Understanding cookie handling - registering cookies returned in a response
>
> On Wed, 2011-07-20 at 11:25 +0200, Villemos, Gert wrote:
> > Well, I dont understand cookie handling. I have read the very detailed
> > guide at
> > http://hc.apache.org/httpcomponents-client-ga/tutorial/pdf/httpclient-tu
> > torial.pdf and a lot of posts, but I still don't get it.
> >
> > In understand that you typically have a cookie store maintaining the
> > session cookies, that you set on the client / context.
> >
> > What I don't get is this;
> > 1. What is the difference between setting the cookie store on the client
> > and on the context?
>
> Global cookie store is shared by all threads or execution / users, where
> as cookie store set in the local context can be used by one thread /
> user.
>
>
> > 2. When I have set a cookiestore (on client and context) and execute a
> > post that returns a response with cookies (such as JSESSIONID), then I
> > would expect those cookies to be registered automatically in the cookie
> > store for usage in the next request... but they aint (store is empty,
> > see below).
>
> The cookie sent by the server violates the HTTP state management spec
> and apparently gets rejected.
>
> You can use context / wire logging to find out whether or not the
> cookie(s) have been rejected.
>
> > 3. Do I need to register the cookies manually and how do I do this?
> >
>
> RFC_2965 policy is very strict. Use BEST-MATCH policy instead. It will
> automatically pick up Netscape compatible cookie spec to handle cookies
> containing legacy 'Expires' attribute.
>
> Hope this helps
>
> Oleg
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
>
>
>
> Think green - keep it on the screen.
>
> This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: Understanding cookie handling - registering cookies returned in a response
Posted by "Villemos, Gert" <ge...@logica.com>.
Indeed. Changing the policy to BEST-MATCH, the cookies are now registered as expected.
Another problem; The return of the POST request is a 302 response with a new target. How do I follow the redirect to the actual page? Do I have to do a GET myself? Reading the documentation it seems as if redirects should be followed automatically, i.e. I would expect a GET to be automatically executed after the POST.
As far as I can see, I do not change the redirect settings anywhere in my code.
-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: Wed 7/20/2011 4:03 PM
To: HttpClient User Discussion
Subject: Re: Understanding cookie handling - registering cookies returned in a response
On Wed, 2011-07-20 at 11:25 +0200, Villemos, Gert wrote:
> Well, I dont understand cookie handling. I have read the very detailed
> guide at
> http://hc.apache.org/httpcomponents-client-ga/tutorial/pdf/httpclient-tu
> torial.pdf and a lot of posts, but I still don't get it.
>
> In understand that you typically have a cookie store maintaining the
> session cookies, that you set on the client / context.
>
> What I don't get is this;
> 1. What is the difference between setting the cookie store on the client
> and on the context?
Global cookie store is shared by all threads or execution / users, where
as cookie store set in the local context can be used by one thread /
user.
> 2. When I have set a cookiestore (on client and context) and execute a
> post that returns a response with cookies (such as JSESSIONID), then I
> would expect those cookies to be registered automatically in the cookie
> store for usage in the next request... but they aint (store is empty,
> see below).
The cookie sent by the server violates the HTTP state management spec
and apparently gets rejected.
You can use context / wire logging to find out whether or not the
cookie(s) have been rejected.
> 3. Do I need to register the cookies manually and how do I do this?
>
RFC_2965 policy is very strict. Use BEST-MATCH policy instead. It will
automatically pick up Netscape compatible cookie spec to handle cookies
containing legacy 'Expires' attribute.
Hope this helps
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Think green - keep it on the screen.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
Re: Understanding cookie handling - registering cookies returned
in a response
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2011-07-20 at 11:25 +0200, Villemos, Gert wrote:
> Well, I dont understand cookie handling. I have read the very detailed
> guide at
> http://hc.apache.org/httpcomponents-client-ga/tutorial/pdf/httpclient-tu
> torial.pdf and a lot of posts, but I still don't get it.
>
> In understand that you typically have a cookie store maintaining the
> session cookies, that you set on the client / context.
>
> What I don't get is this;
> 1. What is the difference between setting the cookie store on the client
> and on the context?
Global cookie store is shared by all threads or execution / users, where
as cookie store set in the local context can be used by one thread /
user.
> 2. When I have set a cookiestore (on client and context) and execute a
> post that returns a response with cookies (such as JSESSIONID), then I
> would expect those cookies to be registered automatically in the cookie
> store for usage in the next request... but they aint (store is empty,
> see below).
The cookie sent by the server violates the HTTP state management spec
and apparently gets rejected.
You can use context / wire logging to find out whether or not the
cookie(s) have been rejected.
> 3. Do I need to register the cookies manually and how do I do this?
>
RFC_2965 policy is very strict. Use BEST-MATCH policy instead. It will
automatically pick up Netscape compatible cookie spec to handle cookies
containing legacy 'Expires' attribute.
Hope this helps
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org