You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2007/08/07 18:23:59 UTC
[jira] Resolved: (HTTPCLIENT-661) Error with quoted cookie value
[ https://issues.apache.org/jira/browse/HTTPCLIENT-661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-661.
------------------------------------------
Resolution: Won't Fix
David
I looked into possibility of providing a workaround for this issue in HttpClient 4.0 but have to conclude it would require too many ugly hacks or code duplication I am prepared to live with. I either have to add an extra attribute 'isQuoted' to HeaderElement / NameValuePair interfaces or duplicate the complete HTTP header parser code in the cookie specs classes. This is too much of a price to pay for a work-around for what is essentially a bug in a broken CGI script. This problem is better solved by implementing a custom browser cookie spec extension with a trivial amount of extra code.
Oleg
> Error with quoted cookie value
> ------------------------------
>
> Key: HTTPCLIENT-661
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-661
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 3.0 Final, 3.0.1, 3.1 RC1
> Environment: Mac OSX 10.4.9
> Java 1.5
> Firefox 2.0.0.4
> Reporter: David Brochoire
> Priority: Minor
> Fix For: 4.0 Alpha 2
>
>
> If a web server sends this http header (for example, after an authentication) :
> Set-Cookie: cookie-name="quoted-cookie-value-authent-ok";Path=/; secure
> In the parsing of cookies, when HttpClient detects a quoted cookie, it strip the
> first and the last quote '"', so it stores the value :
> quoted-cookie-value-authent-ok
> When you go on the next page after the authenticate page, with the policy
> BROWSER_COMPATIBILITY and all others, HttpClient sends this http header :
> Cookie: cookie-name=quoted-cookie-value-authent-ok
> But the server expects to receive the value :
> Cookie: cookie-name="quoted-cookie-value-authent-ok"
> and it rejects the client because it doesn't recognize the authenticated cookie.
> The server doesn't work correctly because quotation marks in cookie attributes
> are optional as long as those attribute values contain no reserved characters,
> but I don't have control above and if I do the same test with firefox, it stores
> the cookie value with quotes '"'.
> So, in the case of the policy BROWSER_COMPATIBILITY it would be better to don't
> strip away quotes (like firefox).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
Re: [jira] Resolved: (HTTPCLIENT-661) Error with quoted cookie value
Posted by Roland Weber <os...@dubioso.net>.
>> What about proxies that have to forward headers of unknown syntax
>> unmodified?
>
> Just forward it as is. What is the point of parsing it?
I see. Header.getValue() keeps the quotes,
only HeaderElement will loose them. Good.
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
Re: [jira] Resolved: (HTTPCLIENT-661) Error with quoted cookie
value
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2007-08-07 at 18:50 +0200, Roland Weber wrote:
> Oleg Kalnichevski (JIRA) wrote:
> >
> > I either have to add an extra
> > attribute 'isQuoted' to HeaderElement / NameValuePair interfaces or
> > duplicate the complete HTTP header parser code in the cookie specs classes.
>
> I wasn't aware that the header parsing strips off quotes.
> Makes sense, of course. I'd use a 'quoteChar' attribute,
> so double vs. single quotes is preserved.
>
> > This is too much of a price to pay for a work-around for what is
> > essentially a bug in a broken CGI script.
>
> What about proxies that have to forward headers of unknown syntax
> unmodified?
>
Just forward it as is. What is the point of parsing it?
Oleg
> cheers,
> Roland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org
Re: [jira] Resolved: (HTTPCLIENT-661) Error with quoted cookie value
Posted by Roland Weber <os...@dubioso.net>.
Oleg Kalnichevski (JIRA) wrote:
>
> I either have to add an extra
> attribute 'isQuoted' to HeaderElement / NameValuePair interfaces or
> duplicate the complete HTTP header parser code in the cookie specs classes.
I wasn't aware that the header parsing strips off quotes.
Makes sense, of course. I'd use a 'quoteChar' attribute,
so double vs. single quotes is preserved.
> This is too much of a price to pay for a work-around for what is
> essentially a bug in a broken CGI script.
What about proxies that have to forward headers of unknown syntax
unmodified?
cheers,
Roland
---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org