After upgrading to Apache HttpClient 4.4 it does not send cookies with requests

I am using the Apache HttpClient to send requests to our internal API servers. The servers require authentication and need a cookie to be set with an auth token.

Up to HttpClient 4.3.6 this has been working fine, but on 4.4 and above it has stopped sending the cookies on requests. My cookie domain is set to .subdomain.mycompany.com, which works for 4.3.6, but not 4.4 and above. If I'm more specific and give the full host as the cookie domain, i.e. host.subdomain.mycompany.com, it works, but this is not a solution.

Here's a code snippet similar to what I'm doing:

public CloseableHttpResponse execute(CloseableHttpClient httpClient) throws IOException {
    BasicClientCookie cookie = new BasicClientCookie("cookieName", "myAuthtoken");
    cookie.setPath("/");
    cookie.setDomain(".subdomain.mycompany.com");
    cookie.setSecure(false);
    HttpContext localContext = new BasicHttpContext(parentContext);
    CookieStore cookieStore = new BasicCookieStore();
    cookieStore.addCookie(cookie);
    localContext.setAttribute(HttpClientContext.COOKIE_STORE, cookieStore);
    return httpClient.execute(target, request, localContext);
}

The httpClient is already constructed and passed into this code which sets the auth cookie.

I saw this, which is similar: "Cookies getting ignored in Apache httpclient 4.4", but in my case the cookies aren't being sent to the server.

After turning on wire logging in the HttpClient I can see the following in 4.3.6, but not in 4.4 and above:

DEBUG [org.apache.http.client.protocol.RequestAddCookies] Cookie [version: 0][name: cookieName][value: authToken][domain: .subdomain.mycompany.com][path: /][expiry: Wed Jul 15 16:07:05 IST 2015] match [host.subdomain.mycompany.com:80/myApi]

Which leads me to think it's something to do with cookie domain matching. Anyone have any ideas? Thanks.

I have debugged the example code. The problem is at BasicDomainHandler.match(Cookie, CookieOrigin) line: 129 as it expects org.apache.http.cookie.ClientCookie.DOMAIN_ATTR to be set in order to match full host name from URL to cookie domain. So you need to add the following line to your code, after you set the domain:

cookie.setAttribute(ClientCookie.DOMAIN_ATTR, "true");

The change was added with revision 1646864 on 12/19/14, 10:59 PM:

RFC 6265 compliant cookie spec

As suggested by the other answer, setting something like this should resolve:

cookie.setAttribute(ClientCookie.DOMAIN_ATTR, ".subdomain.mycompany.com");

The necessity of setting ClientCookie.DOMAIN_ATTR is documented in HTTP Components Chapter 3. HTTP state management:

Here is an example of creating a client-side cookie object:

BasicClientCookie cookie = new BasicClientCookie("name", "value");
// Set effective domain and path attributes
cookie.setDomain(".mycompany.com");
cookie.setPath("/");
// Set attributes exactly as sent by the server
cookie.setAttribute(ClientCookie.PATH_ATTR, "/");
cookie.setAttribute(ClientCookie.DOMAIN_ATTR, ".mycompany.com");
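
An added example, not part of the original question or answers and not Apache's code: it calls the BasicDomainHandler named in the first answer directly to show which hosts the question's auth cookie matches with and without ClientCookie.DOMAIN_ATTR, so the token's scope can be checked before relying on the fix. It assumes HttpClient 4.4 or later on the classpath; the class name CookieDomainScopeCheck, the helpers authCookie and wouldSend, and every host other than host.subdomain.mycompany.com are made up for illustration.

```java
import org.apache.http.cookie.ClientCookie;
import org.apache.http.cookie.CookieOrigin;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.impl.cookie.BasicDomainHandler;

// Hypothetical class name; not from the original page.
public class CookieDomainScopeCheck {

    // Builds the auth cookie from the question. withDomainAttr toggles the
    // extra setAttribute call that the answers recommend.
    static BasicClientCookie authCookie(String domain, boolean withDomainAttr) {
        BasicClientCookie cookie = new BasicClientCookie("cookieName", "myAuthtoken");
        cookie.setPath("/");
        cookie.setDomain(domain);
        if (withDomainAttr) {
            cookie.setAttribute(ClientCookie.DOMAIN_ATTR, domain);
        }
        return cookie;
    }

    // Asks the domain handler whether the cookie is in scope for this host.
    // Port, path and secure flag mirror the request in the question's log line.
    static boolean wouldSend(BasicClientCookie cookie, String host) {
        CookieOrigin origin = new CookieOrigin(host, 80, "/myApi", false);
        return new BasicDomainHandler().match(cookie, origin);
    }

    public static void main(String[] args) {
        String domain = ".subdomain.mycompany.com";
        // Constructed sample hosts: the intended API host, the bare cookie
        // domain, a sibling subdomain, and a look-alike that merely ends
        // with the same characters.
        String[] hosts = {
            "host.subdomain.mycompany.com",
            "subdomain.mycompany.com",
            "other.mycompany.com",
            "notsubdomain.mycompany.com",
        };
        for (String host : hosts) {
            System.out.printf("%-32s withoutAttr=%-5b withAttr=%b%n", host,
                wouldSend(authCookie(domain, false), host),
                wouldSend(authCookie(domain, true), host));
        }
    }
}
```

The full cookie spec also applies path, secure and expiry handlers, so this isolates only the domain decision.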
