... until the collector arrives ...

This "blog" is really just a scratchpad of mine. There is not much of general interest here. Most of the content is scribbled down "live" as I discover things I want to remember. I rarely go back to correct mistakes in older entries. You have been warned :)

2017-05-24

Obsolete Cookie Support in Java

The current HTTP cookie specification is RFC 6265, published back in 2011. It obsoletes RFC 2965 (from 2000) which in turn obsoletes RFC 2109 (1997). RFC 6265 retired support for the pseudo-cookies whose names start with a dollar sign. Such cookies used to be interpreted as cookie attributes (e.g. Path, Version etc). Web servers will now often reject requests containing cookie names that start with "$".

Unfortunately, the Java HTTP client does not yet support RFC 6265 (as of version 8). It still implements RFC 2965 (and supports RFC 2109). In particular, it generates $-prefixed pseudo-cookies and is thus incompatible with many contemporary servers. The incompatibility may manifest as 400 Bad Request errors, and even then only when using secure protocols where HTTP message syntax checking is more stringent.

Use the Apache client instead.

Blog Archive