Hello developers, I've tried to use httpclient 3.x and 4.x with www.hotelextranet.com and from what I observe it always seems to get the cookie format wrong. The cookies end up garbled unless I specifically set the "NETSCAPE" standard. The "BESTFIT" of 4.x doesn't seem to be the best fit for this IIS6 server. The headers are (anonymized):
Connection: close Date: Sat, 08 Jan 2011 07:28:19 GMT Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=utf-8 Client-Date: Sat, 08 Jan 2011 07:28:19 GMT Client-Peer: X.X.X.X:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware Client-SSL-Cert-Subject: /C=US/postalCode=98005/ST=Washington/L=Bellevue/street=3150 139th Avenue SE/O=Expedia Inc./OU=Ecommerce Ops/OU=Issued through Expedia Inc. E-PKI Manager/OU=Comodo PremiumSSL/CN=hotelextranet.com Client-SSL-Cipher: RC4-MD5 Client-SSL-Warning: Peer certificate not verified P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI" Set-Cookie: user=v.8,0,XXXXXXXXXXXXX$XXX$XXXXXXX$D46!G0.!5010$1C!70.$EFj$9D$2E$FBl$B9!4$FF!e02000; Domain=.hotelextranet.com; path=/ Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2015 23:59:59 GMT; Domain=.hotelextranet.com; path=/ Set-Cookie: MC1=GUID=XXXXXXXXXXXXXXXXXXXXX; expires=Sunday, 31-Dec-2015 23:59:59 GMT; Domain=.hotelextranet.com; path=/ Set-Cookie: NSC_ipufmfyusbofu.dpn-443-mc=XXXXXXXXXXXXXXXXXXXXXXXXXXX;expires=Sat, 08-Jan-2011 07:38:19 GMT;path=/;secure Without the NETSCAPE cookie format the first comma in the "user" cookie is seen as a delimiter and the next cookie begins (name in example: XXXXXXXXXXXXX$XXX...), which is not how it should work. Firefox gets this right, but Arora doesn't (I suspect because of the cookie format, but I've not investigated further). I'm not familiar with the inner workings of httpclient but I suspect one possible solution could be to use the Server: header to determine IIS machines of this kind and use the NETSCAPE cookie format then? Kind regards Magnus -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
