[jira] [Commented] (HTTPCLIENT-1451) HttpClient does not store response cookies on a 401

Fri, 24 Jan 2014 08:56:50 -0800 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13881142#comment-13881142
 ] 

Richard Sand commented on HTTPCLIENT-1451:
------------------------------------------

Hi Oleg-

I agree it's not typical, but there's nothing in 2617 that precludes other
headers, including cookies, being sent in the 401 response.

I do have the workaround, it just prevents me from using the AuthCache and
such. I'll be happy to test the behavior again in 5.0 alpha.

Thanks!


Richard Sand | CEO
IDF Connect, Inc.
2207 Concord Ave, #359
Wilmington | Delaware 19803 | USA
Office: +1 888 765 1611 | Fax: +1 866 765 7284
Mobile: +1 267 984 3651





> HttpClient does not store response cookies on a 401
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1451
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1451
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpAuth
>    Affects Versions: 4.3.2
>            Reporter: Richard Sand
>            Priority: Minor
>
> Using HttpClient 4.3.2 to call a Web Service which is secured with BASIC 
> authentication. The server responds to the initial request with a 401 
> response but also includes a cookie.
> The HttpClient does not place response cookies into the cookie store until 
> after it has completed the subsequent request with the Authorize header, but 
> the server rejects the authentication if the cookie is missing. 
> To work around this I had to disable the authentication capability in the 
> HttpClientContext and manually check for the 401 response code, and then send 
> a followup request with a manually set Authorize header.
> So in the use case where the HttpClient is automatically sending a followup 
> request with credentials in response to a 401, the client should place the 
> cookies from the original response into the cookie store immediately, rather 
> than waiting for after the response to the credentials (the 2nd response).



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to