[jira] [Updated] (CXF-9088) Set-Cookies set the incorrect metadata on redirect Cookies header when maintain session

Wed, 04 Dec 2024 13:28:04 -0800 


     [ 
https://issues.apache.org/jira/browse/CXF-9088?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dmytro Sylaiev updated CXF-9088:
--------------------------------
    Affects Version/s: 3.6.4
                       4.0.5

> Set-Cookies set the incorrect metadata on redirect Cookies header when 
> maintain session
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-9088
>                 URL: https://issues.apache.org/jira/browse/CXF-9088
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.5.9, 4.0.5, 3.6.4
>            Reporter: Dmytro Sylaiev
>            Priority: Major
>
> When executing this code:
>  
> {noformat}
> WebClient webClient = WebClient.create("http://httpbin.org/cookies/set/1/2";);
> ClientConfiguration config = WebClient.getConfig(webClient);
> config.getRequestContext().put(Message.MAINTAIN_SESSION, true);
> config.getRequestContext()
>         .put("http.redirect.relative.uri", "true");
> HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();
> HTTPClientPolicy policy = httpConduit.getClient();
> policy.setAutoRedirect(true);
> Response r = webClient.get();
> System.out.println(r.getStatus());
> System.out.println("===");
> System.out.println("Response cookies: ");
> r.getCookies().forEach((k, v) -> {
>     System.out.println(k + " : " + v.getName() + "=" + v.getValue());
> });
> System.out.println("===");
> System.out.println("Session cookies: ");
> httpConduit.getCookies().forEach((k, v) -> {
>     System.out.println(k + " : " + v.getName() + "=" + v.getValue());
> });
> System.out.println("===");
> while (((InputStream) r.getEntity()).available() > 0) {
>     System.out.print((char) ((InputStream) r.getEntity()).read());
> }
> r.close();
> {noformat}
> the result is 
>  
> {noformat}
> 200
> ===
> Response cookies: 
> ===
> Session cookies: 
> 1 : 1=2
> ===
> {
>   "cookies": {
>     "$Path": "/", 
>     "$Version": "1", 
>     "1": "2"
>   }
> }
> {noformat}
> so the session cookie on CXF side is correct but the endpoint (the 
> /cookies/set/1/2/ returns a Set-Cookie header and then redirects on one which 
> displays what Cookie header it receives) shows that after the Set-Cookie 
> header was received, the redirect with Cookie header still contains $Path and 
> $Version attributes as a separate cookies.
>  
> Unlike in Postman or Curl, where the response body with maintain session is 
> {noformat}
> {    
>    "cookies": {        
>      "1": "2"
>     }
> }{noformat}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to