Cookie domains, IPv4 and IPv6
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Cookie domains, IPv4 and IPv6
by Richard Achmatowicz-3
::
Rate this Message:
Hello all
I have a HttpClient v3 client interacting with a Tomcat server. Here is a partial trace from the log: DEBUG [main] (?:?) - Open connection to 192.168.0.100:8080 DEBUG [main] (?:?) - >> "GET /setattribute.jsp HTTP/1.1[\r][\n]" DEBUG [main] (?:?) - Adding Host request header DEBUG [main] (?:?) - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]" DEBUG [main] (?:?) - >> "[\r][\n]" DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]" DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; Path=/[\r][\n]" DEBUG [main] (?:?) - << "Content-Type: text/html;charset=ISO-8859-1[\r][\n]" DEBUG [main] (?:?) - << "Content-Length: 167[\r][\n]" DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]" DEBUG [main] (?:?) - << "[\r][\n]" DEBUG [main] (?:?) - Cookie accepted: "$Version=0; JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/" Response status code: 200 Present cookies: Cookies: - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A** Domain:192.168.0.100 Path:/ Date:null DEBUG [main] (?:?) - << "<html>[\n]" DEBUG [main] (?:?) - << "<body>[\n]" DEBUG [main] (?:?) - << "<p>Storing session id in attribute with id: 61Okk1z7KRtSdEM+3Msb4A**[\n]" DEBUG [main] (?:?) - << "</body>[\n]" DEBUG [main] (?:?) - << "</html>[\n]" DEBUG [main] (?:?) - Resorting to protocol version default close connection policy DEBUG [main] (?:?) - Should NOT close connection, using HTTP/1.1 DEBUG [main] (?:?) - Releasing connection back to connection manager. DEBUG [main] (?:?) - >> "GET /getattribute.jsp HTTP/1.1[\r][\n]" DEBUG [main] (?:?) - Adding Host request header DEBUG [main] (?:?) - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]" DEBUG [main] (?:?) - >> "Cookie: $Version=0; JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]" DEBUG [main] (?:?) - >> "[\r][\n]" DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]" DEBUG [main] (?:?) - << "X-Powered-By DEBUG [main] (?:?) - << "Content-Type: text/html;charset=ISO-8859-1[\r][\n]" DEBUG [main] (?:?) - << "Content-Length: 122[\r][\n]" DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]" DEBUG [main] (?:?) - << "[\r][\n]" Response status code: 200 Present cookies: Cookies: - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A** Domain:192.168.0.100 Path:/ Date:null DEBUG [main] (?:?) - << "<p>Retrieve the session id from attribute:[\n]" DEBUG [main] (?:?) - << "61Okk1z7KRtSdEM+3Msb4A**</p>" As you can see, a cookie is exchanged between the server and the client, and then the client sends the cooke back to the server when it calls getattribute.jsp to retrieve the attribute value set earlier. Here is my understanding: (i) in the first interaction, the server does not assign a domain to the cookie in its Set-Cookie header DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; Path=/[\r][\n]" (ii) in the first interaction, HttpClient receives the Set-Cookie header, finds with no domain, and so assings the domain to be the hostname of the server (taken from the URL) Present cookies: Cookies: - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A** Domain:192.168.0.100 Path:/ Date:null (iii) in the second interaction, the client looks for cookies with the same domain as the hostname in the URL and finds a match and so sends the cookie along with the request DEBUG [main] (?:?) - >> "Cookie: $Version=0; JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]" So it seems to me that, in the absence of hostnames bsing used in URLs, HttpClient can handle IP literal names and use them as domain names, setting, matching, etc. I need to do exactly the same thing with IPv6 literal addresses. However, when I run the same program with IPv6 addreesses, cookies are thrown out. For example: 2009-10-21 16:30:56,002 WARN [org.apache.commons.httpclient.HttpMethodBase] Cookie rejected: "$Version=0; JSESSIONID=AQYACiGZiyqiFpeNHDA1Ug**; $Path=/". Illegal domain attribute "[fec0". Domain of origin: "[fec0:0:a16:ffff::11]" My question: is it possible *in any way* to use IPv6 literals as domain names as was done above for IPv4 (e.g. by using a less stringent cooking management policy)? It's rather natural to want to use IPv6 literals in URLs.... Or is it always required to use domain names (e.g fully qualified host names) when working with HttpClient and IPv6 addresses? Does the same situation exist with HttpClient v4? Thanks for your help ! Richard |
|
|
Re: Cookie domains, IPv4 and IPv6
by Richard Achmatowicz-3
::
Rate this Message:
Answering my own question:
I applied the fix mentioned in https://issues.apache.org/jira/browse/HTTPCLIENT-654 to httpclient version 3 and it now treats IPv6 address literals just as IPv6 literals are handled below. On Wed, Nov 4, 2009 at 7:40 PM, Richard Achmatowicz < richard.achmatowicz@...> wrote: > Hello all > > I have a HttpClient v3 client interacting with a Tomcat server. Here is a > partial trace from the log: > > DEBUG [main] (?:?) - Open connection to 192.168.0.100:8080 > DEBUG [main] (?:?) - >> "GET /setattribute.jsp HTTP/1.1[\r][\n]" > DEBUG [main] (?:?) - Adding Host request header > DEBUG [main] (?:?) - >> "User-Agent: Jakarta > Commons-HttpClient/3.1[\r][\n]" > DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]" > DEBUG [main] (?:?) - >> "[\r][\n]" > DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" > DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" > DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]" > DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; > Path=/[\r][\n]" > DEBUG [main] (?:?) - << "Content-Type: > text/html;charset=ISO-8859-1[\r][\n]" > DEBUG [main] (?:?) - << "Content-Length: 167[\r][\n]" > DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]" > DEBUG [main] (?:?) - << "[\r][\n]" > DEBUG [main] (?:?) - Cookie accepted: "$Version=0; > JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/" > Response status code: 200 > Present cookies: > Cookies: > - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A** > Domain:192.168.0.100 > Path:/ > Date:null > DEBUG [main] (?:?) - << "<html>[\n]" > DEBUG [main] (?:?) - << "<body>[\n]" > DEBUG [main] (?:?) - << "<p>Storing session id in attribute with id: > 61Okk1z7KRtSdEM+3Msb4A**[\n]" > DEBUG [main] (?:?) - << "</body>[\n]" > DEBUG [main] (?:?) - << "</html>[\n]" > DEBUG [main] (?:?) - Resorting to protocol version default close connection > policy > DEBUG [main] (?:?) - Should NOT close connection, using HTTP/1.1 > DEBUG [main] (?:?) - Releasing connection back to connection manager. > DEBUG [main] (?:?) - >> "GET /getattribute.jsp HTTP/1.1[\r][\n]" > DEBUG [main] (?:?) - Adding Host request header > DEBUG [main] (?:?) - >> "User-Agent: Jakarta > Commons-HttpClient/3.1[\r][\n]" > DEBUG [main] (?:?) - >> "Host: 192.168.0.100:8080[\r][\n]" > DEBUG [main] (?:?) - >> "Cookie: $Version=0; > JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]" > DEBUG [main] (?:?) - >> "[\r][\n]" > DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" > DEBUG [main] (?:?) - << "HTTP/1.1 200 OK[\r][\n]" > DEBUG [main] (?:?) - << "Server: Apache-Coyote/1.1[\r][\n]" > DEBUG [main] (?:?) - << "X-Powered-By > DEBUG [main] (?:?) - << "Content-Type: > text/html;charset=ISO-8859-1[\r][\n]" > DEBUG [main] (?:?) - << "Content-Length: 122[\r][\n]" > DEBUG [main] (?:?) - << "Date: Wed, 04 Nov 2009 23:48:17 GMT[\r][\n]" > DEBUG [main] (?:?) - << "[\r][\n]" > Response status code: 200 > Present cookies: > Cookies: > - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A** > Domain:192.168.0.100 > Path:/ > Date:null > DEBUG [main] (?:?) - << "<p>Retrieve the session id from attribute:[\n]" > DEBUG [main] (?:?) - << "61Okk1z7KRtSdEM+3Msb4A**</p>" > > As you can see, a cookie is exchanged between the server and the client, > and then the client sends the cooke back to the server when it calls > getattribute.jsp to retrieve the attribute value set earlier. > > Here is my understanding: > (i) in the first interaction, the server does not assign a domain to the > cookie in its Set-Cookie header > > DEBUG [main] (?:?) - << "Set-Cookie: JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; > Path=/[\r][\n]" > > (ii) in the first interaction, HttpClient receives the Set-Cookie header, > finds with no domain, and so assings the domain to be the hostname of the > server (taken from the URL) > > Present cookies: > Cookies: > - JSESSIONID=61Okk1z7KRtSdEM+3Msb4A** > Domain:192.168.0.100 > Path:/ > Date:null > > (iii) in the second interaction, the client looks for cookies with the same > domain as the hostname in the URL and finds a match and so sends the cookie > along with the request > > DEBUG [main] (?:?) - >> "Cookie: $Version=0; > JSESSIONID=61Okk1z7KRtSdEM+3Msb4A**; $Path=/[\r][\n]" > > So it seems to me that, in the absence of hostnames bsing used in URLs, > HttpClient can handle IP literal names and use them as domain names, > setting, matching, etc. > > I need to do exactly the same thing with IPv6 literal addresses. However, > when I run the same program with IPv6 addreesses, cookies are thrown out. > For example: > > 2009-10-21 16:30:56,002 WARN [org.apache.commons.httpclient.HttpMethodBase] > Cookie rejected: "$Version=0; JSESSIONID=AQYACiGZiyqiFpeNHDA1Ug**; $Path=/". > Illegal domain attribute "[fec0". Domain of origin: "[fec0:0:a16:ffff::11]" > > My question: is it possible *in any way* to use IPv6 literals as domain > names as was done above for IPv4 (e.g. by using a less stringent cooking > management policy)? It's rather natural to want to use IPv6 literals in > URLs.... > > Or is it always required to use domain names (e.g fully qualified host > names) when working with HttpClient and IPv6 addresses? > > Does the same situation exist with HttpClient v4? > > Thanks for your help ! > > Richard > > |
| Free embeddable forum powered by Nabble | Forum Help |
