Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1735

Set-Cookie headers received in HTTP 401 during Digest Authentication not stored CookieStore

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 4.4.1
    • Fix Version/s: None
    • Component/s: HttpClient (classic)
    • Labels:
      None
    • Environment:
      Client using apache-camel http4 version 2.13.1 running requests against server using spring-boot.

      Description

      We are executing REST requests against a digest protected endpoint. The server uses session cookies to ensure stickiness.

      During the digest roundtrip the first set-cookie header is ignored - thus forcing the server to create another session cookie that is then returned in the http 200 response.

      Roundtrip:

      1. Request is made (without cookie)
      2. Server responds with HTTP 401 and digest authentication challenge (including set-cookie header)
      3. Request is done again with authentication header (but still without cookie - this is the bug)
      4. Response is received with HTTP 200

      Subsequent requests with the same HTTPClient instance contain the cookie received during the HTTP200 response.

      This was working fine in version 4.1.1.

      It seems that the class org.apache.http.impl.execchain.ProtocolExec is responsible for processing the request and response interceptors (including the RequestAddCookies and ReponseProcessCookies Interceptors). Unfortunately the 401 processing and re-requesting is done in the nested requestExecutor (MainClientExec) - and this one only adds the authentication header and disregards any Set-Cookie headers received in the 401 response.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                stefan.friedrich Stefan Friedrich
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: