-
Bug
-
Resolution: Fixed
-
P4
-
9.0.4
-
x86_64
-
windows_10
FULL PRODUCT VERSION :
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.16299.309]
A DESCRIPTION OF THE PROBLEM :
The HttpClient.send method sends the HTTP request with cookies from Cookie manager inserted in the header but in a wrong format, the Cookies in HTTP request header section should look like:
---other headers---
Cookie: key0=value0;key1=value1
---other headers---
But the HttpClient.send generate individual headers for each cookies, which looks like:
---other headers----
Cookie: key0=value0
Cookie: key1=value1
---other headers----
According to "RFC 6265 HTTP State Management Mechanism" stated, " MUST NOT attach more than one Cookie header field".
The internal mechanism is in jdk.incubator.http.CookieFilter line 59, proves the Cookies stores separately in systemHeaders intentionally.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Construct a HttpClient with CookieManager.
Add several cookies into the CookieManager.
Ready for Capture the request
Send an request.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A request with header contains only one Cookie field.
ACTUAL -
A request with muti Cookie headers
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
HttpClient httpClient = HttpClient
.newBuilder()
.cookieManager(new CookieManager())
// For fiddler
.proxy(ProxySelector.of(new InetSocketAddress(InetAddress.getLoopbackAddress(), 8888)))
.build();
CookieManager cm = httpClient.cookieManager().get();
cm.put(
URI.create("http://localhost:8080/"),
Map.of("set-cookie", List.of("key1=value1", "key2=value2"))
);
httpClient.send(
HttpRequest
.newBuilder()
.uri(URI.create("http://localhost:8080/"))
.GET()
.build()
,
HttpResponse.BodyHandler.asString()
);
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Prevent from using CookieManager to store and process Cookies, use customize header to simulate.
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 10.0.16299.309]
A DESCRIPTION OF THE PROBLEM :
The HttpClient.send method sends the HTTP request with cookies from Cookie manager inserted in the header but in a wrong format, the Cookies in HTTP request header section should look like:
---other headers---
Cookie: key0=value0;key1=value1
---other headers---
But the HttpClient.send generate individual headers for each cookies, which looks like:
---other headers----
Cookie: key0=value0
Cookie: key1=value1
---other headers----
According to "RFC 6265 HTTP State Management Mechanism" stated, " MUST NOT attach more than one Cookie header field".
The internal mechanism is in jdk.incubator.http.CookieFilter line 59, proves the Cookies stores separately in systemHeaders intentionally.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Construct a HttpClient with CookieManager.
Add several cookies into the CookieManager.
Ready for Capture the request
Send an request.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A request with header contains only one Cookie field.
ACTUAL -
A request with muti Cookie headers
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
HttpClient httpClient = HttpClient
.newBuilder()
.cookieManager(new CookieManager())
// For fiddler
.proxy(ProxySelector.of(new InetSocketAddress(InetAddress.getLoopbackAddress(), 8888)))
.build();
CookieManager cm = httpClient.cookieManager().get();
cm.put(
URI.create("http://localhost:8080/"),
Map.of("set-cookie", List.of("key1=value1", "key2=value2"))
);
httpClient.send(
HttpRequest
.newBuilder()
.uri(URI.create("http://localhost:8080/"))
.GET()
.build()
,
HttpResponse.BodyHandler.asString()
);
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Prevent from using CookieManager to store and process Cookies, use customize header to simulate.