Re: HttpClient and cookies

Mon, 20 Oct 2008 23:59:55 -0700 

On Tue, 2008-10-21 at 08:45 +0200, Reinhard Pagitsch wrote:
> Hello Joseph,
> 
> But why my Browsers (FF and IE) are sending the cookies back 
> "correctly"? Or the Browsers are also "broken"?
> 

This is a _server_ side problem. This has nothing to do with browsers.
By the way all common browsers have to support non standard cookie
behaviors due to all those broken server side scripts in the wild.

So, fix things where the fix is due  

Oleg


> Thank you,
> Reinhard
> 
> Joseph Mocker wrote:
> > It sounds like your webserver, or whatever is generating & processing 
> > the session cookie, is in error. From my reads of RFC2109 & RFC2068, 
> > quotes are reserved characters, they are not allowed in the cookie value.
> >
> > They say the cookie value can be either
> >
> >                     token | quoted-string
> >
> > where
> >
> >          token          = 1*<any CHAR except CTLs or tspecials>
> >
> >          tspecials      = "(" | ")" | "<" | ">" | "@"
> >                         | "," | ";" | ":" | "\" | <">
> >                         | "/" | "[" | "]" | "?" | "="
> >                         | "{" | "}" | SP | HT
> >
> > and
> >
> >          quoted-string  = ( <"> *(qdtext) <"> )
> >
> >          qdtext         = <any TEXT except <">>
> >
> >
> > So in your example, the quoted-string form is used, therefore the 
> > quotes are not part of the cookie value.
> >
> > Perhaps one of the developers can comment?
> >
> >  --joe
> >
> >
> > Reinhard Pagitsch wrote:
> >> Hello to all,
> >>
> >> From our webserver I get a session cookie in the form 
> >> POSESSIONID="dfgsdfgsdg="
> >> But the HTTPClient sends back the cookie in the form 
> >> POSESSIONID=dfgsdfgsdg=.
> >> Therefore no authentication is done. Is there a way to configure the 
> >> HttpClient to send back
> >> the session cookie as it is and do no modifications?
> >>
> >> Thank you,
> >> Reinhard
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to