[ https://issues.apache.org/jira/browse/AMQ-6571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831669#comment-15831669 ]
Gary Tully edited comment on AMQ-6571 at 1/20/17 12:44 PM: ----------------------------------------------------------- Thanks for the patch. I wonder if there is a use case where this option (the cookie policy) should be exposed as a url param. was (Author: gtully): Thanks for the patch. I wonder if there us a use case where this option (the cookie policy) should be exposed as a url param. > HttpClientTransport refuses to accept cookies using `Expires' header > -------------------------------------------------------------------- > > Key: AMQ-6571 > URL: https://issues.apache.org/jira/browse/AMQ-6571 > Project: ActiveMQ > Issue Type: Improvement > Components: Transport > Affects Versions: 5.14.2, 5.14.3 > Reporter: Andrew Flegg > Labels: easyfix > Attachments: cookie-handling.patch, cookie-handling.patch > > > h2. Background > We are using ActiveMQ's [HTTP > transport|http://activemq.apache.org/http-and-https-transports-reference.html] > to connect to brokers hosted in AWS, behind a load balancer. > This transport requires a sticky session (i.e. session affinity) because of > the local map of clients in > [{{HttpTunnelServlet.clients}}|https://github.com/apache/activemq/blob/master/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java#L60] > AWS's classic load balancer sends sticky session cookies with the {{max-age}} > attribute: > {noformat} > AWSELB=2DC7[...]F155;PATH=/;MAX-AGE=36000 > {noformat} > Whereas AWS's new application load balancer, which supports a web application > firewall (WAF), uses the {{Expires}} attribute: > {noformat} > AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/ > {noformat} > As of [RFC 6265|https://tools.ietf.org/html/rfc6265] both {{max-age}} and > {{Expires}} are valid attributes. > h2. Issue > Apache HTTP Client 4.5.2 defaults to a [cookie policy of > {{best-match}}|https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/client/params/CookiePolicy.html]. > When the {{AWSALB}} cookie is received, the cookie is not handled and the > ActiveMQ log contains the following: > {noformat} > 2017-01-19 12:23:58,185 | WARN | Invalid cookie header: "Set-Cookie: > AWSALB=QclQ[...]V2kP; Expires=Tue, 27 Dec 2016 09:31:43 GMT; Path=/". Invalid > 'expires' attribute: Tue, 27 Dec 2016 09:31:43 GMT | > org.apache.http.client.protocol.ResponseProcessCookies | main > {noformat} > h2. Solution > The solution is to change the cookie policy in > {{HttpClientTransport.createHttpClient()}}: > {code:java} > HttpClientParams.setCookiePolicy(params, CookiePolicy.BROWSER_COMPATIBILITY); > {code} > Patch attached. -- This message was sent by Atlassian JIRA (v6.3.4#6332)