Dmytro Sylaiev created CXF-9088:
-----------------------------------
Summary: Set-Cookies set the incorrect metadata on redirect
Cookies header when maintain session
Key: CXF-9088
URL: https://issues.apache.org/jira/browse/CXF-9088
Project: CXF
Issue Type: Bug
Reporter: Dmytro Sylaiev
When executing this code:
{noformat}
WebClient webClient = WebClient.create("http://httpbin.org/cookies/set/1/2";);
ClientConfiguration config = WebClient.getConfig(webClient);
config.getRequestContext().put(Message.MAINTAIN_SESSION, true);
config.getRequestContext()
.put("http.redirect.relative.uri", "true");
HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();
HTTPClientPolicy policy = httpConduit.getClient();
policy.setAutoRedirect(true);
Response r = webClient.get();
System.out.println(r.getStatus());
System.out.println("===");
System.out.println("Response cookies: ");
r.getCookies().forEach((k, v) -> {
System.out.println(k + " : " + v.getName() + "=" + v.getValue());
});
System.out.println("===");
System.out.println("Session cookies: ");
httpConduit.getCookies().forEach((k, v) -> {
System.out.println(k + " : " + v.getName() + "=" + v.getValue());
});
System.out.println("===");
while (((InputStream) r.getEntity()).available() > 0) {
System.out.print((char) ((InputStream) r.getEntity()).read());
}
r.close();
{noformat}
the result is
{noformat}
200
===
Response cookies:
===
Session cookies:
1 : 1=2
===
{
"cookies": {
"$Path": "/",
"$Version": "1",
"1": "2"
}
}
{noformat}
so the session cookie on CXF side is correct but the endpoint (the
/cookies/set/1/2/ returns a Set-Cookie header and then redirects on one which
displays what Cookie header it receives) shows that after the Set-Cookie header
was received, the redirect with Cookie header still contains $Path and $Version
attributes as a separate cookies.
Unlike in Postman or Curl, where the response body with maintain session is
{noformat}
{
"cookies": {
"1": "2"
}
}{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
