praveen created HTTPCLIENT-1720:
-----------------------------------
Summary: secure cookies are not being sent to host:443 requests!
Key: HTTPCLIENT-1720
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1720
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.5.1
Reporter: praveen
Hello,
I observed the server is setting the secure=true flag on 2 cookies, and they are
not being sent with any further requests in HC 4.5.1 (I tried with earlier
versions, up to 4.3, as well), even when the request is being sent to an https URL;
thus the session with the server is broken.
Wire log snippets:
......
05 Feb 2016 22:51:31,936 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] CookieSpec
selected: standard
05 Feb 2016 22:51:31,936 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: a-ogbcbff][value: 1][domain: amazon.com][path: /][expiry: Fri Feb 05
23:04:30 IST 2016] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: session-id][value: 187-0...118442][domain: amazon.com][path:
/][expiry: Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: session-id-time][value: 2082787201l][domain: amazon.com][path:
/][expiry: Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: session-token][value: bL7a..2OAg==][domain: amazon.com][path:
/][expiry: Thu Jan 31 22:50:38 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: skin][value: noskin][domain: amazon.com][path: /][expiry: null] match
[www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,937 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: ubid-main][value: 185-8870350-8865056][domain: amazon.com][path:
/][expiry: Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,938 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: x-main][value: 0A8G..QeW][domain: amazon.com][path: /][expiry: Thu Jan
31 22:50:38 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,938 [DEBUG]
[org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie [version:
0][name: x-wl-uid][value: 16a..28=][domain: amazon.com][path: /][expiry: Tue
Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
05 Feb 2016 22:51:31,938 [DEBUG]
[org.apache.http.client.protocol.RequestAuthCache.process() ] Auth cache not
set in the context
..........
whereas the cookie store at this request time held these cookies:
[
{ "name": "a-ogbcbff", "value": "1", "creationDate": 1454692838839, "path":
"/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false,
"expiryDate": 1454693670000, "commentURL": null, "persistent": true, "ports":
null
},
{ "name": "at-main", "value": "5|X5..fS50", "creationDate": 1454692838841,
"path": "/", "comment": null, "version": 0, "domain": "amazon.com", "secure":
true, "expiryDate": 2085412830000, "commentURL": null, "persistent": true,
"ports": null
},
{ "name": "sess-at-main", "value": "qEy..Sc=", "creationDate": 1454692838841,
"path": "/", "comment": null, "version": 0, "domain": "amazon.com", "secure":
true, "expiryDate": null, "commentURL": null, "persistent": false, "ports": null
},
{ "name": "session-id", "value": "187-0721455-2118442", "creationDate":
1454692892527, "path": "/", "comment": null, "version": 0, "domain":
"amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": null,
"persistent": true, "ports": null
},
{ "name": "session-id-time", "value": "2082787201l", "creationDate":
1454692892527, "path": "/", "comment": null, "version": 0, "domain":
"amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": null,
"persistent": true, "ports": null
},
{ "name": "session-token", "value": "bL7a..Ag==", "creationDate":
1454692838840, "path": "/", "comment": null, "version": 0, "domain":
"amazon.com", "secure": false, "expiryDate": 2085412838840, "commentURL": null,
"persistent": true, "ports": null
},
{ "name": "skin", "value": "noskin", "creationDate": 1454692839279, "path":
"/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false,
"expiryDate": null, "commentURL": null, "persistent": false, "ports": null
},
{ "name": "ubid-main", "value": "185-8870350-8865056", "creationDate":
1454692892527, "path": "/", "comment": null, "version": 0, "domain":
"amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": null,
"persistent": true, "ports": null
},
{ "name": "x-main", "value": "0A8G...h9QeW", "creationDate": 1454692838841,
"path": "/", "comment": null, "version": 0, "domain": "amazon.com", "secure":
false, "expiryDate": 2085412838841, "commentURL": null, "persistent": true,
"ports": null
},
{ "name": "x-wl-uid", "value": "16aq..0C28=", "creationDate": 1454692839280,
"path": "/", "comment": null, "version": 0, "domain": "amazon.com", "secure":
false, "expiryDate": 2082787201000, "commentURL": null, "persistent": true,
"ports": null
}
]
Interestingly, if I reset the secure flag of each cookie in the
cookieStore to false after the request was made, then everything goes fine and
the session is maintained.
Didn't capture those logs. Will do and post again.
I used the code below to create the client:
RequestConfig globalRequestConfig = RequestConfig.custom()
        .setCookieSpec(CookieSpecs.STANDARD)
        ......
CloseableHttpClient httpClient = HttpClientBuilder.create()
        .setDefaultRequestConfig(globalRequestConfig)
        .setDefaultCookieStore(cookieStore)
        ..............
Am I doing anything wrong, or is something missed, or is it a bug?
Thanks
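
An added example, not part of the original report and not code from the HttpClient project: it isolates the cookie-matching step seen in the `RequestAddCookies` log lines above and shows how the spec selected by `CookieSpecs.STANDARD` treats a secure cookie depending on the `secure` flag of the `CookieOrigin`. It assumes HttpClient 4.5.x on the classpath; the class name, the cookie values and the `/gp/` request path are constructed for illustration.

```java
import org.apache.http.cookie.ClientCookie;
import org.apache.http.cookie.CookieOrigin;
import org.apache.http.cookie.CookieSpec;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.impl.cookie.RFC6265LaxSpec;

// Hypothetical class name; requires httpclient 4.5.x on the classpath.
public class SecureCookieMatchCheck {

    // Builds a cookie shaped like the store entries in the report
    // (the value is a constructed placeholder).
    static BasicClientCookie cookie(String name, boolean secure) {
        BasicClientCookie c = new BasicClientCookie(name, "placeholder");
        c.setDomain("amazon.com");
        c.setPath("/");
        // A Domain attribute is needed for the cookie to match subdomains such as www.
        c.setAttribute(ClientCookie.DOMAIN_ATTR, "amazon.com");
        c.setSecure(secure);
        return c;
    }

    public static void main(String[] args) {
        // CookieSpecs.STANDARD selects the relaxed RFC 6265 spec.
        CookieSpec spec = new RFC6265LaxSpec();
        // Same host, port and path; only the secure flag of the origin differs.
        CookieOrigin secureOrigin = new CookieOrigin("www.amazon.com", 443, "/gp/", true);
        CookieOrigin plainOrigin = new CookieOrigin("www.amazon.com", 443, "/gp/", false);

        BasicClientCookie[] cookies = {
            cookie("at-main", true),       // secure=true in the reported store
            cookie("sess-at-main", true),  // secure=true in the reported store
            cookie("session-id", false),   // secure=false in the reported store
        };
        for (BasicClientCookie c : cookies) {
            System.out.printf("%-13s secure=%-5b origin.secure=true -> %b, origin.secure=false -> %b%n",
                    c.getName(), c.isSecure(),
                    spec.match(c, secureOrigin), spec.match(c, plainOrigin));
        }

        // The workaround from the report: clearing the flag makes the cookie
        // eligible for non-secure origins as well.
        BasicClientCookie cleared = cookie("at-main", true);
        cleared.setSecure(false);
        System.out.println("at-main after setSecure(false), origin.secure=false -> "
                + spec.match(cleared, plainOrigin));
    }
}
```

In HttpClient 4.x, `RequestAddCookies` sets the origin's secure flag from `HttpRoute.isSecure()`, so logging that value for the failing request is a more direct check than clearing `secure` on stored cookies, which also makes them eligible for cleartext requests.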