Posted to issues@activemq.apache.org by "Andrew Flegg (JIRA)" <ji...@apache.org> on 2017/01/20 11:17:26 UTC

[jira] [Created] (AMQ-6571) HttpClientTransport refuses to accept cookies using `Expires' header

Andrew Flegg created AMQ-6571:
---------------------------------

             Summary: HttpClientTransport refuses to accept cookies using `Expires' header
                 Key: AMQ-6571
                 URL: https://issues.apache.org/jira/browse/AMQ-6571
             Project: ActiveMQ
          Issue Type: Improvement
          Components: Transport
    Affects Versions: 5.14.3, 5.14.2
            Reporter: Andrew Flegg
         Attachments: cookie-handling.patch

h2. Background
We are using ActiveMQ's [HTTP transport|http://activemq.apache.org/http-and-https-transports-reference.html] in AWS, behind a load balancer.

This transport requires a sticky session (i.e. session affinity) because of the local map of clients in [{{HttpTunnelServlet.clients}}|https://github.com/apache/activemq/blob/master/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java#L60].

AWS's classic load balancer sends sticky session cookies with the {{max-age}} attribute:

{noformat}
AWSELB=2DC7[...]F155;PATH=/;MAX-AGE=36000
{noformat}

Whereas AWS's new application load balancer, which supports a web application firewall (WAF), uses the {{Expires}} attribute:

{noformat}
AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/
{noformat}

As of [RFC 6265|https://tools.ietf.org/html/rfc6265] both {{max-age}} and {{Expires}} are valid attributes.

h2. Issue
Apache HTTP Client 4.5.2 defaults to a [cookie policy of {{best-match}}|https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/params/CookiePolicy.html]. When the {{AWSALB}} cookie is received, the cookie is not handled and the ActiveMQ log contains the following:

{noformat}
2017-01-19 12:23:58,185 | WARN  | Invalid cookie header: "Set-Cookie: AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/". Invalid 'expires' attribute: Tue, 27 Dec 2016 09:31:43 GMT | org.apache.http.client.protocol.ResponseProcessCookies | main
{noformat}

h2. Solution
The solution is to change the cookie policy in {{HttpClientTransport.createHttpClient()}}:

{code:java}
HttpClientParams.setCookiePolicy(params, CookiePolicy.BROWSER_COMPATIBILITY);
{code}

Patch attached.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
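
The two load balancer cookie formats quoted in the report, parsed the way RFC 6265 describes (case-insensitive attribute names, {{Max-Age}} taking precedence over {{Expires}}, an unparseable date dropping only that attribute). This is an added example, not part of the original report and not ActiveMQ or HttpClient code; {{parse_set_cookie}} is a hypothetical name, the cookie values are placeholders, and {{email.utils}} stands in for the RFC's own date-parsing algorithm.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed samples: same shape as the headers in the report,
# with the elided cookie values replaced by a placeholder.
CLASSIC_ELB = "AWSELB=PLACEHOLDER;PATH=/;MAX-AGE=36000"
APP_LB = "AWSALB=PLACEHOLDER; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/"


def parse_set_cookie(value, now):
    """Parse one Set-Cookie header value.

    Returns (name, cookie_value, attrs, expiry). expiry is an aware UTC
    datetime, or None when the cookie has no usable lifetime attribute
    (a session cookie).
    """
    pair, *attr_parts = value.split(";")
    name, _, cookie_value = pair.partition("=")

    attrs = {}
    for part in attr_parts:
        key, _, val = part.partition("=")
        # Attribute names are matched case-insensitively (RFC 6265, 5.2).
        attrs[key.strip().lower()] = val.strip()

    expiry = None
    if "expires" in attrs:
        try:
            parsed = parsedate_to_datetime(attrs["expires"])
            expiry = parsed.astimezone(timezone.utc)
        except (TypeError, ValueError):
            # A date that fails to parse invalidates the attribute only,
            # not the whole cookie (RFC 6265, 5.2.1).
            expiry = None
    if "max-age" in attrs:
        try:
            # Max-Age wins when both attributes are present (RFC 6265, 5.3).
            expiry = now + timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # non-numeric Max-Age: ignore the attribute
    return name.strip(), cookie_value.strip(), attrs, expiry


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for header in (CLASSIC_ELB, APP_LB):
        name, _, attrs, expiry = parse_set_cookie(header, now)
        print(name, attrs, expiry)
```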