Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-661

Error with quoted cookie value

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 3.0 Final, 3.0.1, 3.1 RC1
    • 4.0 Alpha 2
    • HttpClient (classic)
    • None
    • Mac OSX 10.4.9
      Java 1.5
      Firefox 2.0.0.4

    Description

      If a web server sends this http header (for example, after an authentication) :
      Set-Cookie: cookie-name="quoted-cookie-value-authent-ok";Path=/; secure

      In the parsing of cookies, when HttpClient detects a quoted cookie, it strip the
      first and the last quote '"', so it stores the value :
      quoted-cookie-value-authent-ok

      When you go on the next page after the authenticate page, with the policy
      BROWSER_COMPATIBILITY and all others, HttpClient sends this http header :
      Cookie: cookie-name=quoted-cookie-value-authent-ok

      But the server expects to receive the value :
      Cookie: cookie-name="quoted-cookie-value-authent-ok"

      and it rejects the client because it doesn't recognize the authenticated cookie.

      The server doesn't work correctly because quotation marks in cookie attributes
      are optional as long as those attribute values contain no reserved characters,
      but I don't have control above and if I do the same test with firefox, it stores
      the cookie value with quotes '"'.

      So, in the case of the policy BROWSER_COMPATIBILITY it would be better to don't
      strip away quotes (like firefox).

      Attachments

        Activity

          People

            Unassigned Unassigned
            zertyuio David Brochoire
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: