Login/Register
Invalid cookie header : Unable to parse expires attribute when expires attribute is empty
Asked Answered
Solved javaandroidapachecookieshttpclient
A

2

11

In an android application, when using DefaultHttpClient to get an URL content (executing HttpGet) I receive the following warning in logs: 

W/ResponseProcessCookies(20386): Invalid cookie header: "Set-Cookie: NSC_vbue_iuuq=ffff660; expires=; domain=private.false.name; path=/; isSecure=false". Unable to parse expires attribute:

I understand the warning because the expires field does not contain a valid date format. I understand it maybe because it is a 'session cookie' (without being expert). Thread about similar situation in Curl context

Searching the web I found mainly the 

.setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.BEST_MATCH (or other) )

option to avoid warning by parsing correctly dates that contain a comma.

However, I would like to avoid that log. (not by disabling logs) I believe internally all is fine since "I GUESS", cookie.setExpiryDate() is simply not called.

Do you think I need a specific configuration of my HTTP client (I've not set specific configurations) to avoid that warning or to support empty expires?

Thanks.

Addia answered 29/2, 2012 at 14:17 Comment(0)
K
4

If you do not mind altering the CookieSpec you can supply your own, more lenient, subclass.

First, create a lenient CookieSpec that will accept null and empty values for the expires attribute, like this:

class LenientCookieSpec extends BrowserCompatSpec {
    public LenientCookieSpec() {
        super();
        registerAttribHandler(ClientCookie.EXPIRES_ATTR, new BasicExpiresHandler(DATE_PATTERNS) {
            @Override public void parse(SetCookie cookie, String value) throws MalformedCookieException {
                if (TextUtils.isEmpty(value)) {
                    // You should set whatever you want in cookie
                    cookie.setExpiryDate(null);
                } else {
                    super.parse(cookie, value);
                }
            }
        });
    }
}

Now you need to register & choose this new CookieSpec in your HTTP client.

DefaultHttpClient client = new DefaultHttpClient();
client.getCookieSpecs().register("lenient", new CookieSpecFactory() {
        public CookieSpec newInstance(HttpParams params) {
            return new LenientCookieSpec();
        }
    });
HttpClientParams.setCookiePolicy(client.getParams(), "lenient");

Something "like this" could work for you.

Keilakeily answered 29/2, 2012 at 14:42 Comment(3)
Thanks for that comment. Should work indeed and I wasn't aware I could do it like that. But I wondering now if the server cookie format with this empty expires can be expected? I'm not the owner of the server, so should I report to the server owner about the situation? Regards,Addia
Well, it's not ideal that they are sending out bad cookies - otoh, I believe all the CookieSpec implementations in Apache are a tad bit anal about parsing sometimes.Keilakeily
Just reviewed the rfc2109 about that and seems that I misunderstood the fact that expires=; is not valid when reviewing comments like in codeproject.com/Articles/3106/… where "blank" date refer to date like (01-Jan-0001 00:00:00Addia
M
2

I just got the similar warns like below

Invalid cookie header: "Set-Cookie: A3=d=AQABBPA3c18CEOtNC3d8X1pEkCvrf2cxZRIFEgEBAQGJdF99XwAAAAAA_SMAAA&S=AQAAAiTHBvO_oaoz8tCr1A7ArCs; Expires=Wed, 29 Sep 2021 19:34:41 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly". Invalid 'expires' attribute: Wed, 29 Sep 2021 19:34:41 GMT

My env is http client-4.5.12, the reason is that cookiesSpec need to be set.

Way to fix (just ignore other parameters)

requestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();

        httpclient = HttpClients.custom()
               .setDefaultRequestConfig(requestConfig).build();

Here you can change the CookieSpecs.XXX align with your condition, for most case, STANDARD is ok, details can refer latest apache doc https://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/statemgmt.html

NOTES that the HttpClientParams (some pages mentioned before)is a deprecated class, just use RequestConfig as the replacement.

Morphology answered 1/10, 2020 at 9:32 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.