Hi, we're porting some old code to use httpclient, and I was having trouble with the manual cookie stuff that we do.
We hit a 3rd party web-site (AOL) for some info, and it sets a cookie that we want to grab. I obfuscated the url's and data, but the gist of it is that we hit the url: 2004/03/24 19:06:25:295 PST [DEBUG] wire - ->> "GET /a/b/c/aol HTTP/1.1[\r][\n]" We get back a Set-Cookie: 2004/03/24 19:06:25:535 PST [DEBUG] wire - -<< "Set-Cookie: badsc=cookie-value;path=/X/b/c[\r][\n] I then see this: 2004/03/24 19:06:25:944 PST [WARN] HttpMethodBase - -Cookie rejected: "$Version=0 ; badsc=cookie-value; $Path=/X/b/c". Illegal path attribute "/X/b/c". Path of origin: "/a/b/c/aol" and when I try to look for this cookie in HttpState it isn't there. The above msg is due to this code in CookieSpecBase: if (!path.startsWith(cookie.getPath())) { throw new MalformedCookieException( "Illegal path attribute \"" + cookie.getPath() + "\". Path of origin: \"" + path + "\""); } So the problem is that the path of the cookie starts with /X, when the path of the request started with /a. Our old code worked fine (using std java.net classes) and was able to pull out this cookie. I assume this validity check is due to some RFC requirement. I did try the different policies and got the same error each time. But given that this is 3rd party behavior that we need to support, what is the recommended way to deal with this situation (short of commenting out the code above)?? Thanks.