[ https://issues.apache.org/jira/browse/HADOOP-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14080171#comment-14080171 ]
Alejandro Abdelnur commented on HADOOP-10911:
---------------------------------------------

Please don't remove the quotes. By looking at RFC2109:

{code}
   set-cookie      =       "Set-Cookie:" cookies
   cookies         =       1#cookie
   cookie          =       NAME "=" VALUE *(";" cookie-av)
   NAME            =       attr
   VALUE           =       value
   cookie-av       =       "Comment" "=" value
                   |       "Domain" "=" value
                   |       "Max-Age" "=" value
                   |       "Path" "=" value
                   |       "Secure"
                   |       "Version" "=" 1*DIGIT
{code}

It seems we are only off with {{Max-Age}} (ignoring HttpOnly which is not breaking things).

Good idea on adding a test for HttpClient.

> hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-10911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10911
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Gregory Chanan
>         Attachments: HADOOP-10911.patch
>
>
> I'm seeing the same problem reported in HADOOP-10710 (that is, httpclient is
> unable to authenticate with servers running the authentication filter), even
> with HADOOP-10710 applied.
> From my reading of the spec, the problem is as follows:
> Expires is not a valid directive according to the RFC, though it is mentioned
> for backwards compatibility with netscape draft spec. When httpclient sees
> "Expires", it parses according to the netscape draft spec, but note from
> RFC2109:
> {code}
> Note that the Expires date format contains embedded spaces, and that "old"
> cookies did not have quotes around values.
> {code}
> and note that AuthenticationFilter puts quotes around the value:
> https://github.com/apache/hadoop-common/blob/6b11bff94ebf7d99b3a9e513edd813cb82538400/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java#L437-L439
> So httpclient's parsing appears to be kosher.
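Added example, not part of the original thread and not code from Hadoop or HttpClient: a stand-alone checker that compares a Set-Cookie header value against the RFC 2109 `cookie-av` list quoted in the comment and flags the quoted-value-plus-Expires combination described in the issue. The class name, method names and sample headers are hypothetical, and the samples are constructed.

```java
import java.util.*;

public class Rfc2109CookieCheck {
    // cookie-av names from the RFC 2109 grammar quoted in the comment above
    static final Set<String> RFC2109_AV = Set.of("comment", "domain", "max-age", "path", "secure", "version");

    // Split on ';' outside quoted-strings (escaped quotes inside a value are not handled)
    static List<String> splitOutsideQuotes(String s) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : s.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == ';' && !quoted) { parts.add(cur.toString().trim()); cur.setLength(0); }
            else cur.append(c);
        }
        parts.add(cur.toString().trim());
        return parts;
    }

    // Findings for one Set-Cookie header value (the text after "Set-Cookie:")
    static List<String> check(String header) {
        List<String> findings = new ArrayList<>();
        List<String> parts = splitOutsideQuotes(header);
        String pair = parts.get(0);
        String value = pair.substring(pair.indexOf('=') + 1);
        boolean quotedValue = value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"");
        boolean hasExpires = false;
        for (String av : parts.subList(1, parts.size())) {
            if (av.isEmpty()) continue;
            int i = av.indexOf('=');
            String name = (i < 0 ? av : av.substring(0, i)).trim();
            if (name.equalsIgnoreCase("expires")) hasExpires = true;
            if (!RFC2109_AV.contains(name.toLowerCase(Locale.ROOT)))
                findings.add("not an RFC 2109 cookie-av: " + name);
        }
        if (hasExpires && quotedValue)
            findings.add("quoted VALUE combined with Expires (Netscape-draft values are unquoted)");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from a Hadoop server
        String[] samples = {
            "hadoop.auth=\"u=alice&t=simple\"; Version=1; Path=/; Expires=Thu, 31-Jul-2014 00:00:00 GMT; HttpOnly",
            "hadoop.auth=\"u=alice&t=simple\"; Version=1; Path=/; Max-Age=3600"
        };
        for (String h : samples) System.out.println(check(h) + " <- " + h);
    }
}
```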