[
https://issues.apache.org/jira/browse/HTTPCLIENT-1451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14333480#comment-14333480
]
Oleg Kalnichevski commented on HTTPCLIENT-1451:
-----------------------------------------------
Custom AuthenticationStrategy that also evicts the cookie / updates the cookie
store associated with the current HttpContext.
Oleg
> HttpClient does not store response cookies on a 401
> ---------------------------------------------------
>
> Key: HTTPCLIENT-1451
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1451
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpAuth
> Affects Versions: 4.3.2
> Reporter: Richard Sand
> Priority: Minor
> Fix For: 5.0
>
>
> Using HttpClient 4.3.2 to call a Web Service which is secured with BASIC
> authentication. The server responds to the initial request with a 401
> response but also includes a cookie.
> The HttpClient does not place response cookies into the cookie store until
> after it has completed the subsequent request with the Authorize header, but
> the server rejects the authentication if the cookie is missing.
> To work around this I had to disable the authentication capability in the
> HttpClientContext and manually check for the 401 response code, and then send
> a followup request with a manually set Authorize header.
> So in the use case where the HttpClient is automatically sending a followup
> request with credentials in response to a 401, the client should place the
> cookies from the original response into the cookie store immediately, rather
> than waiting for after the response to the credentials (the 2nd response).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
