You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Vincent Massol <vm...@octo.com> on 2002/03/22 00:13:10 UTC
[HttpClient] Still problems with null domains and paths
Hi,
The Cactus build is breaking again. The error is that Cactus allows the
user to create cookies with no domain and/or no path. This seems to be
allowed by the spec (RFC 2109) :
"
set-cookie = "Set-Cookie:" cookies
cookies = 1#cookie
cookie = NAME "=" VALUE *(";" cookie-av)
NAME = attr
VALUE = value
cookie-av = "Comment" "=" value
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Secure"
| "Version" "=" 1*DIGIT
[...]Each cookie begins with a NAME=VALUE pair, followed by zero or more
semi-colon-separated attribute-value pairs. The syntax for
attribute-value pairs was shown earlier. The specific attributes and the
semantics of their values follows. The NAME=VALUE attribute- value pair
must come first in each cookie. The others, if present, can occur in any
order [...]
"
However the method Cookie.createCookieHeader(...) does not allow for
null domains and paths.
Thus, when I call in cactus :
Header cookieHeader =
org.apache.commons.httpclient.Cookie.createCookieHeader(
HttpClientHelper.getDomain(theRequest, theConnection),
HttpClientHelper.getPath(theRequest, theConnection),
httpclientCookies);
where httpclientCookies is an array of cookies with no path nor domain,
the Cookie.match() code in createCookieHeader() fails and thus
createCookieHeader returns null, which is not correct according to the
spec above.
Am I missing something ? :-)
Thanks
-Vincent
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [HttpClient] Still problems with null domains and paths
Posted by Sung-Gu <je...@apache.org>.
----- Original Message -----
From: "Vincent Massol" <vm...@octo.com>
To: <co...@jakarta.apache.org>
Sent: Friday, March 22, 2002 8:13 AM
Subject: [HttpClient] Still problems with null domains and paths
> Hi,
>
> The Cactus build is breaking again. The error is that Cactus allows the
> user to create cookies with no domain and/or no path. This seems to be
> allowed by the spec (RFC 2109) :
I guess, during connetion, the http client must have the domain and path for user's privacy and security reason. At least, it has to set the default domain from Host field and the default path like '/'. So it's just needed to use null value programmatically to check whether it is using the cookie state on that session or not.
> "
> set-cookie = "Set-Cookie:" cookies
> cookies = 1#cookie
> cookie = NAME "=" VALUE *(";" cookie-av)
> NAME = attr
> VALUE = value
> cookie-av = "Comment" "=" value
> | "Domain" "=" value
> | "Max-Age" "=" value
> | "Path" "=" value
> | "Secure"
> | "Version" "=" 1*DIGIT
>
> [...]Each cookie begins with a NAME=VALUE pair, followed by zero or more
> semi-colon-separated attribute-value pairs. The syntax for
> attribute-value pairs was shown earlier. The specific attributes and the
> semantics of their values follows. The NAME=VALUE attribute- value pair
> must come first in each cookie. The others, if present, can occur in any
> order [...]
> "
>
> However the method Cookie.createCookieHeader(...) does not allow for
> null domains and paths.
>
> Thus, when I call in cactus :
>
> Header cookieHeader =
> org.apache.commons.httpclient.Cookie.createCookieHeader(
> HttpClientHelper.getDomain(theRequest, theConnection),
> HttpClientHelper.getPath(theRequest, theConnection),
> httpclientCookies);
>
> where httpclientCookies is an array of cookies with no path nor domain,
> the Cookie.match() code in createCookieHeader() fails and thus
> createCookieHeader returns null, which is not correct according to the
> spec above.
>
> Am I missing something ? :-)
I've taken ur code just right now and got some possiblity.
// If no Cookies, then exit
Vector cookies = theRequest.getCookies();
// Check the Vector within theRequest? Not really here...
if (!cookies.isEmpty()) {
Please, try to check and debug that the isEmpty method is working correctly.
As I remember, the some constructors and isEmpty method from Vector have a bug.
If it's not, I don't have any clues yet. ^^;
Sung-Gu