On Tue, 2008-05-27 at 16:29 +0400, Oleg L wrote: > Guys, > > I hope it is not impolite to send this question to the devs list > directly w/o discussing the issue on the users list first, I guess I > just understand well enough what's going on and what's wrong here. >
We are fairly lenient about protocol as long as that protocol is not HTTP ;-) > I'm working on the project which uses HttpClient v3. I'm not sure if > the issue has existed before 3.1. > > The server which I connect to sends strange cookies - first it sends a > cookie with an expiry date somewhere in 2009, and next it sends me a > cookie with the same name and which is already expired. Browsers just > ignore the second cookie, but HttpClient.addCookie() has a different > behavior - it discards an existing cookie first and checks if the > cookie has expired second. This results in my client left w/o a cookie > needed for moving further. > > From RFC 2109 it is not exactly clear how the client should behave in > a case like this: > > == > 4.3.3 Cookie Management > > If a user agent receives a Set-Cookie response header whose NAME is > the same as a pre-existing cookie, and whose Domain and Path > attribute values exactly (string) match those of a pre-existing > cookie, the new cookie supersedes the old. However, if the Set- > Cookie has a value for Max-Age of zero, the (old and new) cookie is > discarded. Otherwise cookies accumulate until they expire (resources > permitting), at which time they are discarded. > == > > But the expiration of those cookies is handled by "expires=" parameter > :) So strictly speaking this is that "Otherwise cookies accumulate > until they expire" case :) The 'expires' attribute was introduced in the Netscape draft, but it never made it into the official specification. Nonetheless HTTP agents usually handle 'expires' and 'max-age' as mutually interchangeable. So does HttpClient 3.x. > > Can I suggest changing the behavior of the addCookie() in a way that > ignores expired cookies *before* removing the cookie from the state? > I do not think there is any point in changing the way HttpClient 3.x works, at the very least for compatibility reasons. In HttpClient 4.0 you have an option of providing a custom implementation of the CookieStore interface and implementing the #addCookie method as your heart desires. Типа тоже Олег > Thanks in advance, everyone. > > Oleg Lecinski > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
