|
|
|
|
|
|
Overview
|
IntroductionHttpClient supports automatic management of cookies, including allowing the server to set cookies and automatically return them to the server when required. It is also possible to manually set cookies to be sent to the server. Unfortunately, there are several at times conflicting standards for handling Cookies: the Netscape Cookie draft, RFC2109, RFC2965 and a large number of vendor specific implementations that are compliant with neither specification. To deal with this, HttpClient provides policy driven cookie management. This guide will explain how to use the different cookie specifications and identify some of the common problems people have when using Cookies and HttpClient. Available SpecificationsThe following cookie specifications are supported by HttpClient. Netscape DraftThe Netscape draft is the original cookie specification which formed the basis for RFC2109. Despite this it has some significant differences with RFC2109 and thus may be required for compatibility with some servers. The Netscape cookie draft is available at http://wp.netscape.com/newsref/std/cookie_spec.html RFC2109RFC2109 is the first official cookie specification released by the W3C. Theoretically, all servers that handle version 1 cookies should use this specification and as such this specification is used by default within HttpClient. Unfortunately, many servers either incorrectly implement this standard or are still using the Netscape draft so occasionally this specification is too strict. If this is the case, you should switch to the compatibility specification as described below. RFC2109 is available at http://www.w3.org/Protocols/rfc2109/rfc2109.txt CompatibilityThe compatibility specification is designed to be compatible with as many different servers as possible even if they are not completely standards compliant. If you are encountering problems with parsing cookies, you should probably try using this specification. Unsupported SpecificationsThe following cookie specifications are not presently supported by HttpClient. RFC2965RFC2965 defines cookie version 2 and attempts to address the shortcomings of the RFC2109 regarding cookie version 1. RFC2965 is intended to eventually supersede RFC2109. Currently HttpClient does not implement this specification. Support for version 2 cookies will be added in the future RFC2965 is available at http://www.zvon.org/tmRFC/RFC2965/Output/ Specifying the SpecificationThere is two ways to specify which cookie specification should be used, either for each HttpState instance, or by setting the default for newly created HttpState instances. Per HttpStateIn most cases, the best way to set which cookie specification to use
is using the
HttpClient client = new HttpClient();
client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
DefaultThe default cookie specification can be set by setting the system
property
This setting will be used by any newly created HttpState objects, however existing HttpState instances will not be affected.
System.setProperty("apache.commons.httpclient.cookiespec", "COMPATIBILITY");
Common ProblemsThe most common problems encountered with parsing cookies is due to non-compliant servers. In these cases, switching to the compatibility cookie specification usually solves the problem. Encoding IssuesSince cookies are transfered as HTTP Headers they are confined to the US-ASCII character set. Other characters will be lost or mangeled. Cookies are typically set and read by the same server, so a custom scheme for escaping non-ASCII characters can be used, for instance the well-established URL encoding scheme. If cookies are used to transfer data between server and client both parties must agree on the escaping scheme used in a custom way. The HttpClient cookie implementation provides no special means to handle non-ASCII characters nor does it issue warnings. |