Over in HADOOP-10911 (https://issues.apache.org/jira/browse/HADOOP-10911) we are trying to figure out a cookie format that works well with httpclient.
The cookie looks something like this: hadoop.auth="someValue"; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT; HttpOnly The issue with this is the Expires triggers the cookie to be parsed as a netscape cookie, even though the version field is present (I'm using httpclient 4.2.5, but trunk seems similar): https://github.com/apache/httpclient/blob/405f464a84b0bcb70643db78fe916b0bad83936f/httpclient/src/main/java/org/apache/http/impl/cookie/BestMatchSpec.java#L106-L114 and the hadoop.auth value is stored on the client with quotes, since the netscape cookies do not support quotes (from RFC2109): "Note that the Expires date format contains embedded spaces, and that "old" cookies did not have quotes around values. " Then, when the cookie is sent back to the server, the hadoop.auth value is quoted again, i.e.: hadoop.auth=""someValue""; Version=1; Expires=Fri, 01 Aug 2014 09:03:40 GMT; HttpOnly which causes the server to see the hadoop.auth value as "". Does this seem like a bug? It seems like httpclient could handle this in a number of ways, e.g: 1) having a version field causes the cookie to be parsed even if there is an expires (note: we'd have to quote the Expires to get it to parse correctly as a non-netscape cookie) 2) if it's a netscape cookie, it shouldn't be quoted when sent back, since netscape cookies don't support quotes anyway 3) perhaps some check on the expires, i.e. if it's quoted it's assumed not to be a netscape cookie, since netscape cookies don't have quotes Thoughts? Greg
