Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

After upgrading to Apache HttpClient 4.4 it does not send cookies with requests

Tags:

java

cookies

apache-httpclient-4.x

I am using the Apache HttpClient to send requests to our internal API servers. The servers require authentication and need a cookie to be set with an auth token.

Up to HttpClient 4.3.6 this has been working fine, but on 4.4 and above it has stopped sending the cookies on requests. My cookie domain is set to .subdomain.mycompany.com, which works for 4.3.6, but not 4.4 and above. If I'm more specific and give the full host as the cookie domain, i.e. host.subdomain.mycompany.com it works, but this is not a solution.

Here's a code snippet similar to what I'm doing:

public CloseableHttpResponse execute(CloseableHttpClient httpClient) throws IOException {
    BasicClientCookie cookie = new BasicClientCookie("cookieName", "myAuthtoken");
    cookie.setPath("/");
    cookie.setDomain(".subdomain.mycompany.com");
    cookie.setSecure(false);
    HttpContext localContext = new BasicHttpContext(parentContext);
    CookieStore cookieStore = new BasicCookieStore();
    cookieStore.addCookie(cookie);
    localContext.setAttribute(HttpClientContext.COOKIE_STORE, cookieStore);
    return httpClient.execute(target, request, localContext);
}

The httpClient is already constructed and passed into this code which sets the auth cookie.

I saw this, which is similar Cookies getting ignored in Apache httpclient 4.4, but in my case the cookies aren't being sent to the server.

After turning on wire logging in the HttpClient I can see the following in 4.3.6, but not in 4.4 and above:

DEBUG [org.apache.http.client.protocol.RequestAddCookies] Cookie [version: 0][name: cookieName][value: authToken][domain: .subdomain.mycompany.com][path: /][expiry: Wed Jul 15 16:07:05 IST 2015] match [host.subdomain.mycompany.com:80/myApi]

Which leads me to think it's something to do with cookie domain matching. Anyone have any ideas? Thanks.

like image 478
Colin Kennedy Avatar asked Jul 14 '15 16:07

Colin Kennedy

1 Answers

I have debugged the example code. The problem is at BasicDomainHandler.match(Cookie, CookieOrigin) line: 129 as it expects org.apache.http.cookie.ClientCookie.DOMAIN_ATTR to be set in order to match full host name from URL to cookie domain. So you need to add the following line to your code, after you set the domain:

cookie.setAttribute(ClientCookie.DOMAIN_ATTR, "true");

The change was added with revision 1646864 on 12/19/14, 10:59 PM:

RFC 6265 compliant cookie spec

like image 191
Anton Krosnev Avatar answered Nov 01 '22 20:11

Anton Krosnev
Sign in to Comment

Related questions

Grouping a squence is subsequences with a given sum with lexicographical priority
Possible to query by key instead of value in Hazelcast (using Predicates)?
How to allow empty strings in String.split()? [duplicate]
How to enable Weblogic 12.1.2 JPA 2.1
How can Java programs crash when exceptions must always be caught? [duplicate]
Can I inject primitive variable into mocked class using annotation?
Selenium WebDriver - Unexpected modal dialog Alert
Open jar file using JRE on Mac
java.util.ServiceConfigurationError when running tests using arquillian+omnifaces
How to solve com.sun.org.apache.xml.internal.security package does not exist in netbean javafx application
Android package organization
Boolean true value in Hibernate
case: static binding? dynamic binding?
@Inject and @PostConstruct not working in singleton pattern
How can I find the target of a Java8 method reference?
How can I add namespace declarations in a SOAPEnvelope
How to handle exceptions that occur when instantiating a class object
How to set/remember scrollbar thumb position in JavaFX 8 WebView?
Optional plus sign with java.text.DecimalFormat
How to implement WebSocketContainer into StandardWebSocketClient class

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!