Marc Saegesser wrote: >Well, I don't see your cookie dump, but what your going to see on the server >side (since you're running in a servlet) is different than what the client >is going to see (which is what HttpClient is). > >Let me see if I can beat this to death one more time. HttpClient can get >cookies in two ways: 1) from a set-cookie header in an HTTP response or 2) >by an application programmer creating Cookie objects and adding them to the >HttpState. > This bypasses the creation of the header, which somehow is also in the cookie class.
>In case 1 the Cookie's domain will *never* be null. HttpClient does the >right thing (in my opinion) by calling Cookie.parse() with the domain set to >the hostname of the server that sent us the set-cookie header. If the >set-cookie header contains an explicit domain attribute then it updates the >Cookie's domain, otherwise it remains the sending hostname. > >In case 2, someome might call a Cookie constructor with a null domain value. >My opinion is that this should be illegal, and should throw an >IllegalArgumentException. Such a cookie would be useless because we can >never send it to any server. A cookie's domain must match the domain of the >host that the request is going to, so without a domain the cookie should >never be sent. > No, we could never send *it* to any server, but we can construct the header from 'null-domained' cookies, using a valid domain name, and the process would work as advertised. It seems you're missing the 'create header' and use of the cookie class. Or am I missing something? >Now, if someone convinces me that we should allow Cookies to be created with >null domains, then I'll need to make sure that the HttpClient doesn't croak >on them and that we never try to send them to anyone. It just seems easier >and safer to simply prevent such an abomination from ever being created in >the first place. > That's what we did about a month ago - fix Cookie so it could handle null domains and paths *as properties*. The only piece that was left as an unknown issue was creating a header and parsing cookies from it. We do have a 'user' of HttpClient that is using nulls in the cookies domain/path - Cactus. -- dIon Gillard, Multitask Consulting http://adslgateway.multitask.com.au/developers -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
