[
https://issues.apache.org/jira/browse/HTTPCORE-776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17924089#comment-17924089
]
Arturo Bernal edited comment on HTTPCORE-776 at 2/5/25 2:55 PM:
----------------------------------------------------------------
Hi [~shpelda]
[RFC 6265 Section
5.4|https://datatracker.ietf.org/doc/html/rfc6265#section-5.4] clearly states
that user agents MUST NOT attach more than one Cookie header field. In other
words, all cookie pairs should be concatenated into a single Cookie header.
Using getHeader(name) (which assumes only one such header) can therefore
trigger a ProtocolException if multiple headers are present.
Thanks.
was (Author: abernal):
Hi [~shpelda]
[RFC 6265 Section
5.4|https://datatracker.ietf.org/doc/html/rfc6265#section-5.4] clearly states
that user agents MUST NOT attach more than one Cookie header field. In other
words, all cookie pairs should be concatenated into a single Cookie header.
Using getHeader(name) (which assumes only one such header) can therefore
trigger a ProtocolException if multiple headers are present. Switching to
getHeaders(name) to correctly handle this situation seems like the right fix.
Thanks.
> Use of multiple "Cookie" headers leads to exception
> ---------------------------------------------------
>
> Key: HTTPCORE-776
> URL: https://issues.apache.org/jira/browse/HTTPCORE-776
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore
> Affects Versions: 5.3.1
> Reporter: shpelda
> Priority: Major
>
> Using multiple Cookie headers leads to exception. In my case they were set
> by apache-cxf:4.0.1, using
> _WebClient.getConfig(cxfClientProxy).getHttpConduit().getCookies().put()_
>
> {code:java}
> Caused by: org.apache.hc.core5.http.ProtocolException: multiple 'Cookie'
> headers found
> at
> org.apache.hc.core5.http.message.HeaderGroup.getHeader(HeaderGroup.java:267)
> at
> org.apache.hc.client5.http.protocol.RequestAddCookies.process(RequestAddCookies.java:94)
> at
> org.apache.hc.core5.http.protocol.DefaultHttpProcessor.process(DefaultHttpProcessor.java:107)
> at
> org.apache.hc.client5.http.impl.async.HttpAsyncMainClientExec$1.produceRequest(HttpAsyncMainClientExec.java:153)
> at
> org.apache.hc.core5.http.impl.nio.ClientHttp1StreamHandler.produceOutput(ClientHttp1StreamHandler.java:186)
> at
> org.apache.hc.core5.http.impl.nio.ClientHttp1StreamDuplexer.execute(ClientHttp1StreamDuplexer.java:326)
> at
> org.apache.hc.core5.http.impl.nio.AbstractHttp1StreamDuplexer.processCommands(AbstractHttp1StreamDuplexer.java:242)
> at
> org.apache.hc.core5.http.impl.nio.AbstractHttp1StreamDuplexer.onOutput(AbstractHttp1StreamDuplexer.java:389)
> at
> org.apache.hc.core5.http.impl.nio.AbstractHttp1IOEventHandler.outputReady(AbstractHttp1IOEventHandler.java:73)
> at
> org.apache.hc.core5.http.impl.nio.ClientHttp1IOEventHandler.outputReady(ClientHttp1IOEventHandler.java:41)
> at
> org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:153)
> at
> org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
> at
> org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:176)
> at
> org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:125)
> at
> org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:92)
> at
> org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
> at java.base/java.lang.Thread.run(Thread.java:833) {code}
> I think that this code should use _getHeaders(name)_ instead:
> [https://hc.apache.org/httpcomponents-client-5.4.x/5.4.1/httpclient5/xref/org/apache/hc/client5/http/protocol/RequestAddCookies.html#L94]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
