use*_*484 1 java com.sun.net.httpserver apache-httpclient-4.x
我使用Apache HttpClient和java.sun.net.httpserver作为Server.服务器处理Http-Get请求.首先,服务器使用set-cookie标头设置会话cookie,这是由apache httpclient接受的(根据日志),但问题是cookie永远不会存储,也不会被客户端发送回服务器.我已经使用一些Web浏览器测试了服务器应用程序,并且一切正常.因此问题似乎是在客户端,特别是考虑到所有cookie都被接受与log4j一起登录.
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://localhost]
DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to localhost/127.0.0.1:80
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET /login?pass=2Gi/Kzj9 HTTP/1.1
DEBUG [org.apache.http.headers] >> GET /login?pass=2Gi/Kzj9 HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: localhost
DEBUG [org.apache.http.headers] >> Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 200 OK
DEBUG [org.apache.http.headers] << HTTP/1.1 200 OK
DEBUG [org.apache.http.headers] << Transfer-encoding: chunked
DEBUG [org.apache.http.headers] << Content-type: text/html
DEBUG [org.apache.http.headers] << Set-cookie: SESSID=0.6092204529970631; expires=Tue, 19-4-11 18:28:43 GMT; Max-Age=3600; Path=/; Version="1"
DEBUG [org.apache.http.client.protocol.ResponseProcessCookies] Cookie accepted: "[version: 0][name: SESSID][value: 0.6092204529970631][domain: localhost][path: /][expiry: Sun Apr 19 19:28:43 CET 11]".
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@1bd0dd4
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Get connection for route HttpRoute[{}->http://localhost]
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Stale connection check
DEBUG [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: best-match
DEBUG [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET /newnode?node=/tp HTTP/1.1
DEBUG [org.apache.http.headers] >> GET /newnode?node=/tp HTTP/1.1
DEBUG [org.apache.http.headers] >> Host: localhost
DEBUG [org.apache.http.headers] >> Connection: Keep-Alive
DEBUG [org.apache.http.headers] >> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
DEBUG [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 200 OK
DEBUG [org.apache.http.headers] << HTTP/1.1 200 OK
DEBUG [org.apache.http.headers] << Transfer-encoding: chunked
DEBUG [org.apache.http.headers] << Content-type: text/html
DEBUG [org.apache.http.headers] << Set-cookie: SESSID=0.9499481656989606; expires=Tue, 19-4-11 18:28:43 GMT; Max-Age=3600; Path=/; Version="1"
DEBUG [org.apache.http.client.protocol.ResponseProcessCookies] Cookie accepted: "[version: 0][name: SESSID][value: 0.9499481656989606][domain: localhost][path: /][expiry: Sun Apr 19 19:28:43 CET 11]".
DEBUG [org.apache.http.impl.client.DefaultHttpClient] Connection can be kept alive indefinitely
DEBUG [org.apache.http.impl.conn.SingleClientConnManager] Releasing connection org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@b5f53a
Set-cookie: SESSID=0.9499481656989606; expires=Tue, 19-4-11 18:28:43 GMT; Max-Age=3600; Path=/; Version="1"
Cookie值有多个问题:
(1)它通过使用带逗号的属性值而不用引号括起来违反了RFC 2109和RFC 2965规范.
(2)到期属性看起来很可疑.我怀疑失效日期设置不正确,而cookie只是在接受的同一时刻到期.此外,版本1 cookie(符合RFC 2109/RFC 2965)甚至不应该首先使用它.
cookie也有Max-Age新的cookie应该使用的属性,但由于cookie格式不正确,HttpClient将cookie视为旧的Netscape样式,并且该Expiry属性优先于Max-Age