Oleg Kalnichevski <[email protected]> wrote on 04/17/2012 05:09:11 PM:
> On Tue, 2012-04-17 at 08:52 -0500, [email protected] wrote: > > Does HTTPClient4 have any known issues with having spaces in cookies? > > > > White spaces in cookie values are legal for legacy (Netscape style) > cookies and for standard HTTP cookies as long as they are enclosed with > quotation marks. Cookie values with white spaces not enclosed with > quotation marks may be treated as ambiguous by the strict (standard > compliant) cookie policies. My understanding of both specifications is that Netscape disallowed whitespace unless you used URL Encoding or a similar encoding, though it did not specify one in particular, and that in RFC 2109 (and the newer one too) the value was defined as a being either a token (no white space or special characters) or a quoted string. > > > I have a webapp I am working with, and some of the cookies have spaces in > > the value. This does not present a problem in my browser, but it does in > > the app i am using (specifically, jmeter 2.6). I do have it set to use > > "compatibility" mode. > > > > The odd thing is, when I look in jmeter logs & results, in fiddler and even > > in the Apache logs, I see the full cookie value, even the space and text > > after it. However, my tomcat logs show the cookie value being truncated at > > the space. > > > > As a separate test, I did create a java project of my own that does the > > same set of requests I am using in jmeter - and I got the same results > > where I am unable to login successfully, and again due to that space - even > > though the line that prints the cookies shows the full cookies. > > > > Any ideas or suggestions? > > > > If you post the exact cookie header your application is having the > problem with I should be able to tell how different cookie policies > would end up handling it. I was going through stuff again to find the headers, and find them exact as I could, and then suddenly I noticed something I had missed before. What is causing this problem is a bug that was "resolved" as "won't fix" Httpclient is stripping the quotes from the value section of the cookie. See: https://issues.apache.org/jira/browse/HTTPCLIENT-1006 I would have to agree with Marc that this is wrong behavior, especially for a "browser compatibility" mode, though even under the various RFCs this is wrong as they explicitly state that a quoted string is valid and legal for value, and you can't have a quoted string without quotes. I am using httpclient 4.1.3 in my direct tests and whatever version of httpclient is used with Jmeter 2.6 R1237317 >From reading that one bug report, it looks like I will have to make some changes to the cookie policy specification, though I am unsure how to do that. I did a little looking yesterday and wasn't really able to find much on how to actually do that, so if I could be pointed in the direction of how to do that, I would appreciate it (I can program, but I am an admin not a programmer). Lee Lowder This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS ยง 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
