Richard Sand created HTTPCLIENT-1451:
----------------------------------------
Summary: HttpClient does not store response cookies on a 401
Key: HTTPCLIENT-1451
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1451
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpAuth
Affects Versions: 4.3.2
Reporter: Richard Sand
Priority: Minor
Using HttpClient 4.3.2 to call a Web Service which is secured with BASIC
authentication. The server responds to the initial request with a 401 response
but also includes a cookie.
The HttpClient does not place response cookies into the cookie store until
after it has completed the subsequent request with the Authorize header, but
the server rejects the authentication if the cookie is missing.
To work around this I had to disable the authentication capability in the
HttpClientContext and manually check for the 401 response code, and then send a
followup request with a manually set Authorize header.
So in the use case where the HttpClient is automatically sending a followup
request with credentials in response to a 401, the client should place the
cookies from the original response into the cookie store immediately, rather
than waiting for after the response to the credentials (the 2nd response).
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
