On Sun, 2007-04-15 at 09:48 -0400, Tom Muldoon wrote: > It appears that the HttpOnly cookie attribute is not recognized by the > CookieSpec class (in both HttpClient 3.0 and 3.1rc). i.e. the following > message is logged ... > > CookieSpec - Unrecognized cookie attribute: name=HttpOnly, value=null > > This appears to be a bit of a show stopper, as the server redirects the > subsequent request back to the Login page after a seemingly successful > login. In looking at the cookie that is included in the subsequent > request, the HttpOnly attribute is missing altogether. > > So, does HttpClient support HttpOnly cookie attribute??? >
Tom, I am not aware of HttpOnly attribute mentioned anywhere in RFC2109 or RFC2965. HttpClient does not support cookie attributes that are not defined in the HTTP state management specification. Hope this helps Oleg > Thanks in advance, > > Tom > > PS. Pardon me if this is a double-posting. I did post this a few days ago on > the commons-user list but later realized that it was probably something that > should have been posted to commons-dev. Is commons-user a subset of > commons-dev? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
