On 16/04/07, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:
On Sun, 2007-04-15 at 09:48 -0400, Tom Muldoon wrote:
> It appears that the HttpOnly cookie attribute is not recognized by the
> CookieSpec class (in both HttpClient 3.0 and 3.1rc). i.e. the following
> message is logged ...
>
> CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null
>
> This appears to be a bit of a show stopper, as the server redirects the
> subsequent request back to the Login page after a seemingly successful
> login. In looking at the cookie that is included in the subsequent
> request, the HttpOnly attribute is missing altogether.
>
> So, does HttpClient support HttpOnly cookie attribute???
>
Tom,
I am not aware of HttpOnly attribute mentioned anywhere in RFC2109 or
RFC2965. HttpClient does not support cookie attributes that are not
defined in the HTTP state management specification.
However it appears that using CookiePolicy.BROWSER_COMPATIBILITY will
ignore the unrecognised atribute, so you could try that.
S///
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
