Hi Oleg,
I had a wrong statement in my first mail, the value of the second cookie
was quoted.
cadata="1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHs
uP+E2OfwYC4rWCMgGe".
I tested it on httpclient 2 and 3.
Only the netscape draft spec of httpclient 3 parsed the sessionid cookie
into 1 cookie all the other made 2 cookies from it.
Jan
Testcase httpclient3:
package org.apache.commons.httpclient.cookie;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.cookie.CookieSpec;
import junit.framework.TestCase;
public class TestWrongCookie extends TestCase {
public void testParseRFC2109() throws Exception {
CookieSpec parser = new RFC2109Spec();
String setCookie1 =
"sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/";
String setCookie2 =
"cadata=\"1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QU
HsuP+E2OfwYC4rWCMgGe\"; HttpOnly; secure; path=/";
Cookie[] parsed1 =
parser.parse("127.0.0.1",80,"/",true,setCookie1);
Cookie[] parsed2 =
parser.parse("127.0.0.1",80,"/",true,setCookie2);
assertEquals(2,parsed1.length);
assertEquals(1,parsed2.length);
}
public void testParseNetscape() throws Exception {
CookieSpec parser = new NetscapeDraftSpec();
String setCookie1 =
"sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/";
String setCookie2 =
"cadata=\"1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QU
HsuP+E2OfwYC4rWCMgGe\"; HttpOnly; secure; path=/";
Cookie[] parsed1 =
parser.parse("127.0.0.1",80,"/",true,setCookie1);
Cookie[] parsed2 =
parser.parse("127.0.0.1",80,"/",true,setCookie2);
assertEquals(1,parsed1.length);
assertEquals(1,parsed2.length);
}
}
-----Original Message-----
From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
Sent: maandag 20 februari 2006 15:54
To: HttpClient Project
Subject: RE: cookie processing
On Mon, 2006-02-20 at 15:46 +0100, Hoef, Jan wrote:
> Thanx for your explanation. I'll try out the Netscape cookie draft
spec.
> However the httpclient code generates only 3 cookies out of it, not 4.
>
> Jan
>
Jan,
I have not touched the HttpClient 2.x code for almost 6 months now, so I
may well be wrong about it, but I do see that both cookies violate the
HTTP spec. Try hitting the site with HttpClient 3.0 and see if that
makes any difference
Oleg
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> Sent: maandag 20 februari 2006 15:36
> To: HttpClient Project
> Subject: Re: cookie processing
>
> On Mon, 2006-02-20 at 14:34 +0100, Hoef, Jan wrote:
> > Hi,
> >
> > I am working with the jakarta project slide that uses the
> > commons-httpclient-2.0.2.
> > I have written a client that sends requests via webdav to the
> microsoft
> > exchange server 2003.
> > In the exchange server form based authentication is active.
> > Wenn I enter my logon credentials in my post request, the server
> > responds containing 2 cookies that are needed in all next request.
> > These cookies are, e.g.:
> > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828, 0x409; path=/
> > -
> >
>
cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu
> > P+E2OfwYC4rWCMgGe; HttpOnly; secure; path=/
> >
> > However at parsing the cookies, 3 cookies are recognized, i.e.:
> > - sessionid=4241de88-1c21-4f39-b7b7-f50a87d6a828
> > - 0x409
> > -
> >
>
cadata=1,kou8Vc9O9nrV4YRnTwVz6QMNbuiWuIg2NprLOkMT4NEcDtGkSTB2P9ORB2QUHsu
> > P+E2OfwYC4rWCMgGe
> >
> > The 0x409 part should not be a cookie but should be a part of the
> > sessionid cookie!!!
> >
>
> No, this is wrong. The cookie sessionid clearly violates the HTTP spec
> and the Cookie and Cookie2 specs. Please report this bug to the
software
> manufacturer.
>
> Actually you should be getting 4 cookies in total, as the cadata
cookie
> is invalid as well.
>
> HttpClient 3.0 provides the Netscape Draft cookie spec which may work
> with these cookies. Netscape Cookie Draft is the only spec that
permits
> the use of special separator characters, such as comma, in cookie
values
> that are not enclosed in quotes
>
> Hope this explains the situation
>
> Oleg
>
>
> > The ideal solution would be to correct this in the cookie parser.
> > Because I am no expert in cookies and httpclient, Ii changed the
> > httpstate class in such a way that I can manipulate the cookies.
See
> > path below.
> >
> > Jan
> >
> >
> >
> > [patch]
> > Index:
> >
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava
> > ===================================================================
> > ---
> >
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava (revision 379076)
> > +++
> >
>
D:/jakarta/httpclient/src/java/org/apache/commons/httpclient/HttpState.j
> > ava (working copy)
> > @@ -1,7 +1,7 @@
> > /*
> > * $Header:
> >
>
/home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commo
> >
ns//httpclient/src/java/org/apache/commons/httpclient/HttpState.java,v
> > 1.22.2.3 2003/10/29 03:08:49 mbecke Exp $
> > * $Revision: 1.22.2.3 $
> > - * $Date: 2003/10/29 03:08:49 $
> > + * $Date$
> > *
> > *
> ====================================================================
> > *
> > @@ -96,7 +96,7 @@
> > * @author <a href="mailto:[EMAIL PROTECTED]">Mike
> > Bowler</a>
> > * @author <a href="mailto:[EMAIL PROTECTED]">Adrian Sutton</a>
> > *
> > - * @version $Revision: 1.22.2.3 $ $Date: 2003/10/29 03:08:49 $
> > + * @version $Revision: 1.22.2.3 $ $Date$
> > *
> > */
> > public class HttpState {
> > @@ -199,6 +199,7 @@
> > public synchronized void addCookie(Cookie cookie) {
> > LOG.trace("enter HttpState.addCookie(Cookie)");
> >
> > + int i = 0;
> > if (cookie != null) {
> > // first remove any old cookie that is equivalent
> > for (Iterator it = cookies.iterator(); it.hasNext();) {
> > @@ -207,13 +208,37 @@
> > it.remove();
> > break;
> > }
> > + i++;
> > }
> > if (!cookie.isExpired()) {
> > - cookies.add(cookie);
> > + if (i==0)
> > + cookies.add(cookie);
> > + else
> > + cookies.add(i,cookie);
> > }
> > }
> > }
> > + /**
> > + * Remove an [EMAIL PROTECTED] Cookie HTTP cookie}, any existing
equivalent
> > cookies.
> > + *
> > + * @param cookie the [EMAIL PROTECTED] Cookie cookie} to be removed
> > + *
> > + */
> > + public synchronized void removeCookie(Cookie cookie) {
> > + LOG.trace("enter HttpState.removeCookie(Cookie)");
> >
> > + if (cookie != null) {
> > + // first remove any old cookie that is equivalent
> > + for (Iterator it = cookies.iterator(); it.hasNext();) {
> > + Cookie tmp = (Cookie) it.next();
> > + if (cookie.equals(tmp)) {
> > + it.remove();
> > + break;
> > + }
> > + }
> > + }
> > + }
> > +
> > /**
> > * Adds an array of [EMAIL PROTECTED] Cookie HTTP cookies}. Cookies are
> added
> > individually and
> > * in the given array order. If any of the given cookies has
> > already expired it will
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
