[jira] [Commented] (HTTPCLIENT-1720) secure cookies are not being sent to host:443 requests!

Tue, 16 Feb 2016 00:33:55 -0800 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15148274#comment-15148274
 ] 

praveen commented on HTTPCLIENT-1720:
-------------------------------------

Oleg, i really do not have any test project to give you. 

The case is that the server redirects for login page, and redirects post login 
as well. Post login, it sets few cookies with secure flag true, which were not 
sent with later https requests.
I used amazon for login.



> secure cookies are not being sent to host:443 requests!
> -------------------------------------------------------
>
>                 Key: HTTPCLIENT-1720
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1720
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>            Reporter: praveen
>
> Hello,
> I observed the server is setting secure=true flag on 2 cookies, and they are 
> not being sent with any further requests in HC 4.5.1 (i tried with earlier 
> version, upto 4.3 as well), even when the request is being sent to https url, 
> thus the session with server is broken.
> wire logs snippets:
> ......
> 05 Feb 2016 22:51:31,936 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] CookieSpec 
> selected: standard
> 05 Feb 2016 22:51:31,936 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: a-ogbcbff][value: 1][domain: amazon.com][path: /][expiry: 
> Fri Feb 05 23:04:30 IST 2016] match [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,937 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: session-id][value: 187-0...118442][domain: 
> amazon.com][path: /][expiry: Tue Jan 01 13:30:01 IST 2036] match 
> [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,937 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: session-id-time][value: 2082787201l][domain: 
> amazon.com][path: /][expiry: Tue Jan 01 13:30:01 IST 2036] match 
> [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,937 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: session-token][value: bL7a..2OAg==][domain: 
> amazon.com][path: /][expiry: Thu Jan 31 22:50:38 IST 2036] match 
> [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,937 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: skin][value: noskin][domain: amazon.com][path: /][expiry: 
> null] match [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,937 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: ubid-main][value: 185-8870350-8865056][domain: 
> amazon.com][path: /][expiry: Tue Jan 01 13:30:01 IST 2036] match 
> [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,938 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: x-main][value: 0A8G..QeW][domain: amazon.com][path: 
> /][expiry: Thu Jan 31 22:50:38 IST 2036] match [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,938 [DEBUG] 
> [org.apache.http.client.protocol.RequestAddCookies.process() ] Cookie 
> [version: 0][name: x-wl-uid][value: 16a..28=][domain: amazon.com][path: 
> /][expiry: Tue Jan 01 13:30:01 IST 2036] match [www.amazon.com:443/gp/....]
> 05 Feb 2016 22:51:31,938 [DEBUG] 
> [org.apache.http.client.protocol.RequestAuthCache.process() ] Auth cache not 
> set in the context
> ..........
> whereas the cookie store at this request time held these cookies:
> [
>   { "name": "a-ogbcbff", "value": "1", "creationDate": 1454692838839, "path": 
> "/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false, 
> "expiryDate": 1454693670000, "commentURL": null, "persistent": true, "ports": 
> null
>   },
>   { "name": "at-main", "value": "5|X5..fS50", "creationDate": 1454692838841, 
> "path": "/", "comment": null, "version": 0, "domain": "amazon.com", "secure": 
> true, "expiryDate": 2085412830000, "commentURL": null, "persistent": true, 
> "ports": null
>   },
>   { "name": "sess-at-main", "value": "qEy..Sc=", "creationDate": 
> 1454692838841, "path": "/", "comment": null, "version": 0, "domain": 
> "amazon.com", "secure": true, "expiryDate": null, "commentURL": null, 
> "persistent": false, "ports": null
>   },
>   { "name": "session-id", "value": "187-0721455-2118442", "creationDate": 
> 1454692892527, "path": "/", "comment": null, "version": 0, "domain": 
> "amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": 
> null, "persistent": true, "ports": null
>   },
>   { "name": "session-id-time", "value": "2082787201l", "creationDate": 
> 1454692892527, "path": "/", "comment": null, "version": 0, "domain": 
> "amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": 
> null, "persistent": true, "ports": null
>   },
>   { "name": "session-token", "value": "bL7a..Ag==", "creationDate": 
> 1454692838840, "path": "/", "comment": null, "version": 0, "domain": 
> "amazon.com", "secure": false, "expiryDate": 2085412838840, "commentURL": 
> null, "persistent": true, "ports": null
>   },
>   { "name": "skin", "value": "noskin", "creationDate": 1454692839279, "path": 
> "/", "comment": null, "version": 0, "domain": "amazon.com", "secure": false, 
> "expiryDate": null, "commentURL": null, "persistent": false, "ports": null
>   },
>   { "name": "ubid-main", "value": "185-8870350-8865056", "creationDate": 
> 1454692892527, "path": "/", "comment": null, "version": 0, "domain": 
> "amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": 
> null, "persistent": true, "ports": null
>   },
>   { "name": "x-main", "value": "0A8G...h9QeW", "creationDate": 1454692838841, 
> "path": "/", "comment": null, "version": 0, "domain": "amazon.com", "secure": 
> false, "expiryDate": 2085412838841, "commentURL": null, "persistent": true, 
> "ports": null
>   },
>   { "name": "x-wl-uid", "value": "16aq..0C28=", "creationDate": 
> 1454692839280, "path": "/", "comment": null, "version": 0, "domain": 
> "amazon.com", "secure": false, "expiryDate": 2082787201000, "commentURL": 
> null, "persistent": true, "ports": null
>   }
> ]
> Interestingly, if i reset the secure flag to false of each cookie in the 
> cookieStore after the request was made, then everything goes fine and session 
> is maintained. 
> Didn't capture that logs.. Will do and post again.
> I used below code to create the client:
> RequestConfig globalRequestConfig = RequestConfig.custom()
> .setCookieSpec(CookieSpecs.STANDARD)
> ......
> CloseableHttpClient httpClient = HttpClientBuilder.create()
> .setDefaultRequestConfig(globalRequestConfig)
> .setDefaultCookieStore(cookieStore)
> ..............
> Am i doing anything wrong, or is something missed, or is it a bug?
> Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to