[
https://issues.apache.org/jira/browse/HTTPCLIENT-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14103583#comment-14103583
]
Oleg Kalnichevski commented on HTTPCLIENT-1546:
-----------------------------------------------
Gregory,
Are you sure you have used the latest snapshot?
The following unit test passes for me
{code:java}
@Test
public void testVersion1CookieWithInvalidExpires2() throws Exception {
final CookieSpec cookiespec = new BrowserCompatSpec();
final CookieOrigin origin = new CookieOrigin("myhost.mydomain.com", 80,
"/", false);
final Header origHeader = new BasicHeader("Set-Cookie",
"hadoop.auth=\"u=client&[email protected]&t=kerberos&e=1408520171688&s=avhnlW37j3wYo4H6C86PcmjLhLY=\";
" +
"Version=1; Expires=Wed, 20-Aug-2014 07:36:11 GMT;
HttpOnly");
final List<Cookie> cookies = cookiespec.parse(origHeader, origin);
Assert.assertNotNull(cookies);
Assert.assertEquals(1, cookies.size());
final List<Header> headers = cookiespec.formatCookies(cookies);
Assert.assertNotNull(headers);
Assert.assertEquals(1, headers.size());
final Header header1 = headers.get(0);
Assert.assertEquals("hadoop.auth=\"u=client&[email protected]&t=kerberos&e=1408520171688&s=avhnlW37j3wYo4H6C86PcmjLhLY=\"",
header1.getValue());
}
{code}
Oleg
> Cookie values can end up being double quoted
> --------------------------------------------
>
> Key: HTTPCLIENT-1546
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1546
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Reporter: Gregory Chanan
> Fix For: 4.3.6, 4.4 Alpha2
>
>
> I mentioned this issue on the mailing list and Oleg asked me to file a JIRA.
> I have a cookie like this:
> hadoop.auth="someValue"; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT;
> HttpOnly
> Because it has an "Expires" attribute, httpclient treats it as a netscape
> cookie. But, when it is sent back to the server, it's sent double-quoted:
> hadoop.auth=""someValue""; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT;
> HttpOnly
> which causes the server to see the hadoop.auth value as "".
> So, it seems like httpclient is being inconsistent in how it treats the
> version; it first assumes version 0, but then treats it as version 1 and
> assumes it can add quotes. Even though the cookie is not a valid Version=1
> Cookie, ideally httpclient would not double quote the response.
> NOTE: I tested this on httpclient 4.2.5, but that's not a choice for "Affects
> Version"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
