On Mon, 2006-02-20 at 15:46 +0100, Hoef, Jan wrote: > Thanx for your explanation. I'll try out the Netscape cookie draft spec. > However the httpclient code generates only 3 cookies out of it, not 4. > > Jan >
Jan, I have not touched the HttpClient 2.x code for almost 6 months now, so I may well be wrong about it, but I do see that both cookies violate the HTTP spec. Try hitting the site with HttpClient 3.0 and see if that makes any difference Oleg > -----Original Message----- > From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED] > Sent: maandag 20 februari 2006 15:36 > To: HttpClient Project > Subject: Re: cookie processing > > On Mon, 2006-02-20 at 14:34 +0100, Hoef, Jan wrote: > > Hi, > > > > I am working with the jakarta project slide that uses the > > commons-httpclient-2.0.2. > > I have written a client that sends requests via webdav to the > microsoft > > exchange server 2003. > > In the exchange server form based authentication is active. > > Wenn I enter my logon credentials in my post request, the server > > responds containing 2 cookies that are needed in all next request. > > These cookies are, e.g.: > > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/ > > - > > > cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu > > P+E2OfwYC4rWCMgGe; HttpOnly; secure; path=/ > > > > However at parsing the cookies, 3 cookies are recognized, i.e.: > > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828 > > - 0x409 > > - > > > cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu > > P+E2OfwYC4rWCMgGe > > > > The 0x409 part should not be a cookie but should be a part of the > > sessionid cookie!!! > > > > No, this is wrong. The cookie sessionid clearly violates the HTTP spec > and the Cookie and Cookie2 specs. Please report this bug to the software > manufacturer. > > Actually you should be getting 4 cookies in total, as the cadata cookie > is invalid as well. > > HttpClient 3.0 provides the Netscape Draft cookie spec which may work > with these cookies. Netscape Cookie Draft is the only spec that permits > the use of special separator characters, such as comma, in cookie values > that are not enclosed in quotes > > Hope this explains the situation > > Oleg > > > > The ideal solution would be to correct this in the cookie parser. > > Because I am no expert in cookies and httpclient, Ii changed the > > httpstate class in such a way that I can manipulate the cookies. See > > path below. > > > > Jan > > > > > > > > [patch] > > Index: > > > D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j > > ava > > =================================================================== > > --- > > > D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j > > ava (revision 379076) > > +++ > > > D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j > > ava (working copy) > > @@ -1,7 +1,7 @@ > > /* > > * $Header: > > > /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commo > > ns//httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v > > 1.22.2.3 2003/10/29 03:08:49 mbecke Exp $ > > * $Revision: 1.22.2.3 $ > > - * $Date: 2003/10/29 03:08:49 $ > > + * $Date$ > > * > > * > ==================================================================== > > * > > @@ -96,7 +96,7 @@ > > * @author <a href="mailto:[EMAIL PROTECTED]">Mike > > Bowler</a> > > * @author <a href="mailto:[EMAIL PROTECTED]">Adrian Sutton</a> > > * > > - * @version $Revision: 1.22.2.3 $ $Date: 2003/10/29 03:08:49 $ > > + * @version $Revision: 1.22.2.3 $ $Date$ > > * > > */ > > public class HttpState { > > @@ -199,6 +199,7 @@ > > public synchronized void addCookie(Cookie cookie) { > > LOG.trace("enter HttpState.addCookie(Cookie)"); > > > > + int i = 0; > > if (cookie != null) { > > // first remove any old cookie that is equivalent > > for (Iterator it = cookies.iterator(); it.hasNext();) { > > @@ -207,13 +208,37 @@ > > it.remove(); > > break; > > } > > + i++; > > } > > if (!cookie.isExpired()) { > > - cookies.add(cookie); > > + if (i==0) > > + cookies.add(cookie); > > + else > > + cookies.add(i,cookie); > > } > > } > > } > > + /** > > + * Remove an [EMAIL PROTECTED] Cookie HTTP cookie}, any existing > > equivalent > > cookies. > > + * > > + * @param cookie the [EMAIL PROTECTED] Cookie cookie} to be removed > > + * > > + */ > > + public synchronized void removeCookie(Cookie cookie) { > > + LOG.trace("enter HttpState.removeCookie(Cookie)"); > > > > + if (cookie != null) { > > + // first remove any old cookie that is equivalent > > + for (Iterator it = cookies.iterator(); it.hasNext();) { > > + Cookie tmp = (Cookie) it.next(); > > + if (cookie.equals(tmp)) { > > + it.remove(); > > + break; > > + } > > + } > > + } > > + } > > + > > /** > > * Adds an array of [EMAIL PROTECTED] Cookie HTTP cookies}. Cookies are > added > > individually and > > * in the given array order. If any of the given cookies has > > already expired it will > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
