You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@commons.apache.org by Vincent Massol <vm...@octo.com> on 2002/03/22 00:13:10 UTC

[HttpClient] Still problems with null domains and paths

Hi,

The Cactus build is breaking again. The error is that Cactus allows the
user to create cookies with no domain and/or no path. This seems to be
allowed by the spec (RFC 2109) :

"
   set-cookie      =       "Set-Cookie:" cookies
   cookies         =       1#cookie
   cookie          =       NAME "=" VALUE *(";" cookie-av)
   NAME            =       attr
   VALUE           =       value
   cookie-av       =       "Comment" "=" value
                   |       "Domain" "=" value
                   |       "Max-Age" "=" value
                   |       "Path" "=" value
                   |       "Secure"
                   |       "Version" "=" 1*DIGIT

[...]Each cookie begins with a NAME=VALUE pair, followed by zero or more
semi-colon-separated attribute-value pairs. The syntax for
attribute-value pairs was shown earlier. The specific attributes and the
semantics of their values follows. The NAME=VALUE attribute- value pair
must come first in each cookie. The others, if present, can occur in any
order [...]
"

However the method Cookie.createCookieHeader(...) does not allow for
null domains and paths.

Thus, when I call in cactus :

Header cookieHeader =
    org.apache.commons.httpclient.Cookie.createCookieHeader(
    HttpClientHelper.getDomain(theRequest, theConnection),
    HttpClientHelper.getPath(theRequest, theConnection),
    httpclientCookies);

where httpclientCookies is an array of cookies with no path nor domain,
the Cookie.match() code in createCookieHeader() fails and thus
createCookieHeader returns null, which is not correct according to the
spec above.

Am I missing something ? :-)

Thanks
-Vincent



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: [HttpClient] Still problems with null domains and paths

Posted by Sung-Gu <je...@apache.org>.

----- Original Message ----- 
From: "Vincent Massol" <vm...@octo.com>
To: <co...@jakarta.apache.org>
Sent: Friday, March 22, 2002 8:13 AM
Subject: [HttpClient] Still problems with null domains and paths


> Hi,
> 
> The Cactus build is breaking again. The error is that Cactus allows the
> user to create cookies with no domain and/or no path. This seems to be
> allowed by the spec (RFC 2109) :

I guess, during connetion, the http client must have the domain and path for user's privacy and security reason.  At least, it has to set the default domain from Host field and the default path like '/'.  So it's just needed to use null value programmatically to check whether it is using the cookie state on that session or not.

> "
>    set-cookie      =       "Set-Cookie:" cookies
>    cookies         =       1#cookie
>    cookie          =       NAME "=" VALUE *(";" cookie-av)
>    NAME            =       attr
>    VALUE           =       value
>    cookie-av       =       "Comment" "=" value
>                    |       "Domain" "=" value
>                    |       "Max-Age" "=" value
>                    |       "Path" "=" value
>                    |       "Secure"
>                    |       "Version" "=" 1*DIGIT
> 
> [...]Each cookie begins with a NAME=VALUE pair, followed by zero or more
> semi-colon-separated attribute-value pairs. The syntax for
> attribute-value pairs was shown earlier. The specific attributes and the
> semantics of their values follows. The NAME=VALUE attribute- value pair
> must come first in each cookie. The others, if present, can occur in any
> order [...]
> "
> 
> However the method Cookie.createCookieHeader(...) does not allow for
> null domains and paths.
> 
> Thus, when I call in cactus :
> 
> Header cookieHeader =
>     org.apache.commons.httpclient.Cookie.createCookieHeader(
>     HttpClientHelper.getDomain(theRequest, theConnection),
>     HttpClientHelper.getPath(theRequest, theConnection),
>     httpclientCookies);
> 
> where httpclientCookies is an array of cookies with no path nor domain,
> the Cookie.match() code in createCookieHeader() fails and thus
> createCookieHeader returns null, which is not correct according to the
> spec above.
> 
> Am I missing something ? :-)

I've taken  ur code just right now and got some possiblity.
      // If no Cookies, then exit
        Vector cookies = theRequest.getCookies();
      // Check the Vector within theRequest? Not really here...
        if (!cookies.isEmpty()) {
Please, try to check and debug that the isEmpty method is working correctly.
As I remember, the some constructors and isEmpty method from Vector have a bug.
If it's not, I don't have any clues yet.  ^^;

Sung-Gu