DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36459>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=36459

           Summary: Handling cookies from same host with http and https
           Product: HttpClient
           Version: 3.0 RC3
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Commons HttpClient
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


I found a strange behavior in handling cookies for the same host with the same
port and path when the protocol changes from http to https.

Usually a browser returns all cookies collected during http times with an https
request to the same server as long as path and host match. This ensures that
session cookies are kept and the session stays a single session regardless of
http/https mode. Currently, as soon as the protocol switches (HtmlUnit using
HttpClient 3.0 RC3), all cookies are lost.

I found in the code a caching of the HttpClient by using a key (String key =
url.getProtocol() + "://" + url.getHost().toLowerCase() + ":" + getPort(url);).
Removing protocol and port temporarily fixes the problem for me but leads to
other problems, I guess, because there might be secure cookies being issued in
the https part of the session which should not be returned in http mode.

So I think we need a cookie database that cares about HttpClient, cookie path,
maybe port, and cookie mode (secure or not).

Switching cookie mode to RFC2109 did not solve the problem.

Any ideas?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

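The cookie-store rule the report asks for, as an added illustration (not HttpClient or HtmlUnit code): one jar shared by http and https traffic, keyed by host, path and cookie name rather than by "scheme://host:port", with a Secure cookie released only to https requests. Port is ignored on the request side, as browsers do; the hostnames, cookie names and the http -> https -> http sequence in demo() are constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str   # lowercased host that set the cookie
    path: str     # cookie Path attribute, "/" when absent
    secure: bool  # Secure attribute: release over https only


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match ("/app" matches "/app/x", not "/application")."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


class CookieJar:
    """Single jar shared by http and https requests to the same host.

    The key deliberately omits scheme and port: a store keyed by
    "<scheme>://<host>:<port>" (the cache key quoted in the report) splits
    one session into two and loses every cookie on the first https request.
    """

    def __init__(self) -> None:
        self._cookies: dict[tuple[str, str, str], Cookie] = {}

    def store(self, url: str, name: str, value: str,
              path: str = "/", secure: bool = False) -> None:
        host = urlsplit(url).hostname.lower()
        # same (host, path, name) replaces the earlier cookie, whatever scheme set it
        self._cookies[(host, path, name)] = Cookie(name, value, host, path, secure)

    def cookies_for(self, url: str) -> list[Cookie]:
        parts = urlsplit(url)
        host = parts.hostname.lower()
        request_path = parts.path or "/"
        https = parts.scheme == "https"
        matched = [
            c for c in self._cookies.values()
            if c.domain == host                     # same host; request port ignored
            and path_matches(request_path, c.path)
            and (https or not c.secure)             # Secure cookies never go over plain http
        ]
        matched.sort(key=lambda c: len(c.path), reverse=True)  # longest path first, stable
        return matched

    def cookie_header(self, url: str) -> str:
        """Value of the Cookie request header for this URL."""
        return "; ".join(f"{c.name}={c.value}" for c in self.cookies_for(url))


def demo() -> list[str]:
    """Constructed session: login over http, checkout over https, back to http."""
    jar = CookieJar()
    jar.store("http://example.com/app/login", "JSESSIONID", "abc123", path="/app")
    jar.store("https://example.com/app/checkout", "authtoken", "s3cret",
              path="/app", secure=True)
    return [
        jar.cookie_header("https://example.com/app/cart"),      # session + secure cookie
        jar.cookie_header("http://example.com/app/cart"),       # session cookie only
        jar.cookie_header("http://example.com:8080/app/cart"),  # port does not split the session
        jar.cookie_header("http://example.com/other"),          # path mismatch: nothing
    ]


if __name__ == "__main__":
    for header in demo():
        print(repr(header))
```

The first and third header values show the two halves of the report's requirement: the session cookie set over http survives the switch to https, and a later plain-http request still carries it, while the Secure cookie issued during the https part of the session is withheld from the http request.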