Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1451

HttpClient does not store response cookies on a 401

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.3.2
    • Fix Version/s: 5.0 Alpha2
    • Component/s: HttpClient (classic)
    • Labels:
      None

      Description

      Using HttpClient 4.3.2 to call a Web Service which is secured with BASIC authentication. The server responds to the initial request with a 401 response but also includes a cookie.

      The HttpClient does not place response cookies into the cookie store until after it has completed the subsequent request with the Authorize header, but the server rejects the authentication if the cookie is missing.

      To work around this I had to disable the authentication capability in the HttpClientContext and manually check for the 401 response code, and then send a followup request with a manually set Authorize header.

      So in the use case where the HttpClient is automatically sending a followup request with credentials in response to a 401, the client should place the cookies from the original response into the cookie store immediately, rather than waiting for after the response to the credentials (the 2nd response).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                rsand Richard Sand
              • Votes:
                10 Vote for this issue
                Watchers:
                12 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: