[jira] [Commented] (HTTPCLIENT-1451) HttpClient does not store response cookies on a 401

Fri, 24 Jan 2014 09:32:23 -0800 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13881162#comment-13881162
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1451:
-----------------------------------------------

True, but this is not the main issue. HttpClient as specified by RFC 2617 in 
case of an authentication challenge re-tries the request by adding an 
appropriate authentication response header. It does not re-run the request 
through the entire processing pipeline from the very start.

I do not think HttpClient 5.0 can be expected any time soon (if ever). It 
should really consider making the web service more RFC 2617 compatible. If 
necessary one can pass additional attributes in the auth challenge and response 
headers instead of sticking them into a cookie.

Oleg

> HttpClient does not store response cookies on a 401
> ---------------------------------------------------
>
>                 Key: HTTPCLIENT-1451
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1451
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpAuth
>    Affects Versions: 4.3.2
>            Reporter: Richard Sand
>            Priority: Minor
>
> Using HttpClient 4.3.2 to call a Web Service which is secured with BASIC 
> authentication. The server responds to the initial request with a 401 
> response but also includes a cookie.
> The HttpClient does not place response cookies into the cookie store until 
> after it has completed the subsequent request with the Authorize header, but 
> the server rejects the authentication if the cookie is missing. 
> To work around this I had to disable the authentication capability in the 
> HttpClientContext and manually check for the 401 response code, and then send 
> a followup request with a manually set Authorize header.
> So in the use case where the HttpClient is automatically sending a followup 
> request with credentials in response to a 401, the client should place the 
> cookies from the original response into the cookie store immediately, rather 
> than waiting for after the response to the credentials (the 2nd response).



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to