Invalid cookie header : Unable to parse expires attribute when expires attribute is empty

Question

In an android application, when using DefaultHttpClient to get an URL content (executing HttpGet) I receive the following warning in logs:

W/ResponseProcessCookies(20386): Invalid cookie header: "Set-Cookie: NSC_vbue_iuuq=ffff660; expires=; domain=private.false.name; path=/; isSecure=false". Unable to parse expires attribute:

I understand the warning because the expires field does not contain a valid date format. I understand it maybe because it is a 'session cookie' (without being expert). Thread about similar situation in Curl context

Searching the web I found mainly the

.setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.BEST_MATCH (or other) )

option to avoid warning by parsing correctly dates that contain a comma.

However, I would like to avoid that log. (not by disabling logs) I believe internally all is fine since "I GUESS", cookie.setExpiryDate() is simply not called.

Do you think I need a specific configuration of my HTTP client (I've not set specific configurations) to avoid that warning or to support empty expires?

Thanks.

Answer 1

If you do not mind altering the CookieSpec you can supply your own, more lenient, subclass.

First, create a lenient CookieSpec that will accept null and empty values for the expires attribute, like this:

class LenientCookieSpec extends BrowserCompatSpec {
    public LenientCookieSpec() {
        super();
        registerAttribHandler(ClientCookie.EXPIRES_ATTR, new BasicExpiresHandler(DATE_PATTERNS) {
            @Override public void parse(SetCookie cookie, String value) throws MalformedCookieException {
                if (TextUtils.isEmpty(value)) {
                    // You should set whatever you want in cookie
                    cookie.setExpiryDate(null);
                } else {
                    super.parse(cookie, value);
                }
            }
        });
    }
}

Now you need to register & choose this new CookieSpec in your HTTP client.

DefaultHttpClient client = new DefaultHttpClient();
client.getCookieSpecs().register("lenient", new CookieSpecFactory() {
        public CookieSpec newInstance(HttpParams params) {
            return new LenientCookieSpec();
        }
    });
HttpClientParams.setCookiePolicy(client.getParams(), "lenient");

Something "like this" could work for you.

Answer 2

I just got the similar warns like below

Invalid cookie header: "Set-Cookie: A3=d=AQABBPA3c18CEOtNC3d8X1pEkCvrf2cxZRIFEgEBAQGJdF99XwAAAAAA_SMAAA&S=AQAAAiTHBvO_oaoz8tCr1A7ArCs; Expires=Wed, 29 Sep 2021 19:34:41 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly". Invalid 'expires' attribute: Wed, 29 Sep 2021 19:34:41 GMT

My env is http client-4.5.12, the reason is that cookiesSpec need to be set.

Way to fix (just ignore other parameters)

requestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();

        httpclient = HttpClients.custom()
               .setDefaultRequestConfig(requestConfig).build();

Here you can change the CookieSpecs.XXX align with your condition, for most case, STANDARD is ok, details can refer latest apache doc https://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/statemgmt.html

NOTES that the HttpClientParams (some pages mentioned before)is a deprecated class, just use RequestConfig as the replacement.