Hi Oleg,

I understand that Oleg. But it’s a legacy application which cannot be upgraded at the moment, even though it was my first option as well.

Just in case, someone else has also faced a similar issue. It would be of great help.

One thing I forgot to add which might be of use: my application is acting as a proxy in here. It accepts requests from a client and proxies it to a server, thus manually getting all the headers and setting the headers manually in the HttpClient.

Thanks.

Chirag

-----Original Message-----
From: Oleg Kalnichevski [mailto:[email protected]]
Sent: Monday, December 09, 2013 4:36 PM
To: HttpClient User Discussion
Subject: Re: Cookie spoofing issue using Commons Http Client 3.1

On Mon, 2013-12-09 at 07:01 +0000, Chirag Dewan wrote:
> Hi all,
>
> I am using Http Client 3.1 in one of my applications. I am using it for a
> post request.
>
> My request flow is like this:
>
> 1) Client sends a login request.
>
> 2) Server sends a session id in Set-Cookie (Set-Cookie: sessionid=x)
>
> 3) Client sends request, with post data and same session id cookie.
> (Cookie: sessionid=x)
>
> 4) Server responds to the request.
>
> 5) Client sends another request with 2 session id Cookies, 1 from the
> previous requests and one other Session id Cookie. (Cookie: sessionid=x &
> Cookie: $Version=0; sessionid=y)
>
> 6) Server unauthorizes the client.
>
> It seems like Client is storing the session cookies, and sending 2 session
> cookies in the request and the server rejects the request based on invalid
> session id.
>
> Thanks in advance.
>
> Chirag
>

Chirag,

HC 3.1 has been at end of life for several years now. It is neither being maintained nor supported. It is very unlikely anyone would investigate this issue.

Please consider upgrading to HC 4.3

Oleg
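
A check that a proxy like the one described could run on the headers it is about to send, flagging a request that carries two different values for the same cookie, as in step 5 of the flow. This is an added example, not code from the thread or from HttpClient; the class name, method names and sample headers are constructed for illustration, and it uses only the JDK.

```java
import java.util.*;

public class ForwardedCookieCheck {
    /** Collect cookie name -> distinct values across every Cookie header of one request. */
    static Map<String, Set<String>> cookieValues(List<String[]> headers) {
        Map<String, Set<String>> seen = new LinkedHashMap<>();
        for (String[] h : headers) {
            if (!"Cookie".equalsIgnoreCase(h[0])) continue;
            for (String pair : h[1].split(";")) {
                int eq = pair.indexOf('=');
                if (eq < 0) continue;
                String name = pair.substring(0, eq).trim();
                // $Version, $Path, $Domain are RFC 2109 attributes, not cookies.
                if (name.startsWith("$")) continue;
                String value = pair.substring(eq + 1).trim();
                seen.computeIfAbsent(name, k -> new LinkedHashSet<>()).add(value);
            }
        }
        return seen;
    }

    /** Cookie names sent with more than one value, e.g. sessionid=x and sessionid=y. */
    static List<String> conflicts(List<String[]> headers) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, Set<String>> e : cookieValues(headers).entrySet()) {
            if (e.getValue().size() > 1) out.add(e.getKey() + "=" + e.getValue());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: outbound headers as in step 3 (one session cookie).
        List<String[]> step3 = Arrays.asList(
            new String[] {"Content-Type", "application/x-www-form-urlencoded"},
            new String[] {"Cookie", "sessionid=x"});
        // Constructed sample: outbound headers as in step 5 (two Cookie headers).
        List<String[]> step5 = Arrays.asList(
            new String[] {"Content-Type", "application/x-www-form-urlencoded"},
            new String[] {"Cookie", "sessionid=x"},
            new String[] {"Cookie", "$Version=0; sessionid=y"});
        System.out.println("step 3 conflicts: " + conflicts(step3));
        System.out.println("step 5 conflicts: " + conflicts(step5));
    }
}
```

In HttpClient 3.x, setting `CookiePolicy.IGNORE_COOKIES` on the method's parameters turns off the client's automatic cookie handling, which is relevant when the proxy copies the Cookie header across itself.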
