On Mon, 2013-12-09 at 11:22 +0000, Chirag Dewan wrote:
> Hi Oleg,
>
> I understand that Oleg. But it’s a legacy application which cannot be
> upgraded at the moment, even though it was my first option as well.
>

I understand that, too. Apache HttpComponents is an all-volunteer,
community project and we simply have no resources to maintain more than
two concurrent branches (stable and dev).

Oleg

> Just in case, someone else has also faced a similar issue. It would be of
> great help.
>
> One thing I forgot to add which might be of use, my application is acting as a
> proxy in here. It accepts requests from a client and proxies it to a server
> thus manually getting all the headers and setting the headers manually in the
> HttpClient.
>
> Thanks.
>
> Chirag
>
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:[email protected]]
> Sent: Monday, December 09, 2013 4:36 PM
> To: HttpClient User Discussion
> Subject: Re: Cookie spoofing issue using Commons Http Client 3.1
>
> On Mon, 2013-12-09 at 07:01 +0000, Chirag Dewan wrote:
> > Hi all,
> >
> > I am using Http Client 3.1 in one of my applications. I am using it for a
> > post request.
> >
> > My request flow is like this:
> >
> > 1) Client sends a login request.
> >
> > 2) Server sends a session id in Set-Cookie (Set-Cookie: sessionid=x)
> >
> > 3) Client sends request, with post data and same session id cookie.
> > (Cookie: sessionid=x)
> >
> > 4) Server responds to the request.
> >
> > 5) Client sends another request with 2 session id Cookies, 1 from the
> > previous requests and one other Session id Cookie. (Cookie: sessionid=x &
> > Cookie: $Version=0; sessionid=y)
> >
> > 6) Server unauthorizes the client.
> >
> > It seems like Client is storing the session cookies, and sending 2 session
> > cookies in the request and the server rejects the request based on invalid
> > session id.
> >
> > Thanks in advance.
> >
> > Chirag
> >
>
> Chirag,
>
> HC 3.1 has been at end of life for several years now. It is neither being
> maintained nor supported. It is very unlikely anyone would investigate this
> issue.
> Please consider upgrading to HC 4.3
>
> Oleg
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
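
The flow described in the thread can be reproduced locally with the sketch below, which is an added example and not code from the thread or from the HttpComponents project. It reuses one Commons HttpClient 3.1 instance for proxied requests that carry a manually copied `Cookie` header, then repeats the request with `CookiePolicy.IGNORE_COOKIES` so the client's own cookie store stays out of the request. The class `ProxyCookieDemo`, the helper `forward`, and the local echo server are assumptions made for illustration; it needs Java 8 or later with commons-httpclient 3.1, commons-logging and commons-codec on the classpath.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.util.List;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.PostMethod;

public class ProxyCookieDemo {
    public static void main(String[] args) throws Exception {
        // Constructed local upstream: sets its own session cookie and echoes
        // back every Cookie header line it received.
        HttpServer upstream = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        upstream.createContext("/", exchange -> {
            List<String> got = exchange.getRequestHeaders().get("Cookie");
            byte[] body = String.valueOf(got).getBytes("UTF-8");
            exchange.getResponseHeaders().add("Set-Cookie", "sessionid=y");
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        upstream.start();
        String url = "http://127.0.0.1:" + upstream.getAddress().getPort() + "/";

        HttpClient shared = new HttpClient(); // one instance reused for all proxied requests
        // First call only seeds the client's cookie store from Set-Cookie.
        System.out.println("default #1: " + forward(shared, url, "sessionid=x", false));
        // Second call: the stored cookie can now be added beside the copied header.
        System.out.println("default #2: " + forward(shared, url, "sessionid=x", false));
        // Same client, cookie handling switched off for this request only.
        System.out.println("ignore:     " + forward(shared, url, "sessionid=x", true));
        upstream.stop(0);
    }

    // Hypothetical proxy step: copy the caller's Cookie header to the upstream request.
    static String forward(HttpClient client, String url, String clientCookie,
                          boolean ignoreCookies) throws Exception {
        PostMethod post = new PostMethod(url);
        try {
            if (ignoreCookies) {
                // HttpClient neither sends stored cookies nor stores new ones.
                post.getParams().setCookiePolicy(CookiePolicy.IGNORE_COOKIES);
            }
            post.setRequestHeader("Cookie", clientCookie);
            client.executeMethod(post);
            return post.getResponseBodyAsString();
        } finally {
            post.releaseConnection();
        }
    }
}
```

Each printed line is the list of `Cookie` header values the upstream saw for that request, so a second entry of the `$Version=0; sessionid=y` form points at the client's cookie store rather than the copied header.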
