通过HttpClient接受所有Cookie

Question

So this is currently how my app is set up:

1.) Login Activity. 2.) Once logged in, other activities may be fired up that use PHP scripts that require the cookies sent from logging in.

I am using one HttpClient across my app to ensure that the same cookies are used, but my problem is that I am getting 2 of the 3 cookies rejected. I do not care about the validity of the cookies, but I do need them to be accepted. I tried setting the CookiePolicy , but that hasn't worked either. This is what logcat is saying:

11-26 10:33:57.613: WARN/ResponseProcessCookies(271): Cookie rejected: "[version: 0]      [name: cookie_user_id][value: 1][domain: www.trackallthethings.com][path: trackallthethings][expiry: Sun Nov 25 11:33:00 CST 2012]". Illegal path attribute "trackallthethings". Path of origin: "/mobile-api/login.php"

11-26 10:33:57.593: WARN/ResponseProcessCookies(271): Cookie rejected: "[version: 0][name: cookie_session_id][value: 1985208971][domain: www.trackallthethings.com][path: trackallthethings][expiry: Sun Nov 25 11:33:00 CST 2012]". Illegal path attribute "trackallthethings". Path of origin: "/mobile-api/login.php"

I am sure that my actual code is correct (my app still logs in correctly, just doesn't accept the aforementioned cookies), but here it is anyway:

HttpGet httpget = new HttpGet(//MY URL);
HttpResponse response;
response = Main.httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
InputStream in = entity.getContent();

BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuilder sb = new StringBuilder();

From here I use the StringBuilder to simply get the String of the response. Nothing fancy.

I understand that the reason my cookies are being rejected is because of an "Illegal path attribute" (I am running a script at /mobile-api/login.php whereas the cookie will return with a path of just "/" for trackallthethings), but I would like to accept the cookies anyhow. Is there a way to do this?

Answer 1

The issue that you are facing seems to be by design for privacy/security purpose. In general any resource is not allowed to set a cookie it will not be able to receive. Here you are trying to set the cookie with the path trackallthethings from the resource /mobile-api/login.php which obviously is not working.

Here you have following two options

1. Set the cookie with the path which is accessible to both the resources (this may be root '/' ) OR
2. Define a custom cookie policy and Registering your own cookie support. Here is related documentation and example .

Hope this helps.

Answer 2

Since the API of HttpClient seems to change very fast, here is some working example code for HttpClient 4.5.1 to allow all (malformed) cookies:

class EasyCookieSpec extends DefaultCookieSpec {
    @Override
    public void validate(Cookie arg0, CookieOrigin arg1) throws MalformedCookieException {
        //allow all cookies 
    }
}

class EasySpecProvider implements CookieSpecProvider {
    @Override
    public CookieSpec create(HttpContext context) {
        return new EasyCookieSpec();
    }
}

Registry<CookieSpecProvider> r = RegistryBuilder.<CookieSpecProvider>create()
            .register("easy", new EasySpecProvider())
            .build();

CookieStore cookieStore = new BasicCookieStore();

RequestConfig requestConfig = RequestConfig.custom()
            .setCookieSpec("easy")
            .build();

CloseableHttpClient httpclient = HttpClients.custom()
            .setDefaultCookieStore(cookieStore)
            .setDefaultCookieSpecRegistry(r)
            .setDefaultRequestConfig(requestConfig)
            .build();