Introduction

HttpClient supports automatic management of cookies, including allowing the server to set cookies and automatically return them to the server when required. It is also possible to manually set cookies to be sent to the server.

Unfortunately, there are several at times conflicting standards for handling Cookies: the Netscape Cookie draft, RFC2109, RFC2965 and a large number of vendor specific implementations that are compliant with neither specification. To deal with this, HttpClient provides policy driven cookie management. This guide will explain how to use the different cookie specifications and identify some of the common problems people have when using Cookies and HttpClient.

Available Specifications

The following cookie specifications are supported by HttpClient.

Netscape Draft

The Netscape draft is the original cookie specification which formed the basis for RFC2109. Despite this it has some significant differences with RFC2109 and thus may be required for compatibility with some servers.

The Netscape cookie draft is available at http://wp.netscape.com/newsref/std/cookie_spec.html

RFC2109

RFC2109 is the first official cookie specification released by the W3C. Theoretically, all servers that handle version 1 cookies should use this specification and as such this specification is used by default within HttpClient.

Unfortunately, many servers either incorrectly implement this standard or are still using the Netscape draft so occasionally this specification is too strict. If this is the case, you should switch to the compatibility specification as described below.

RFC2109 is available at http://www.w3.org/Protocols/rfc2109/rfc2109.txt

Compatibility

The compatibility specification is designed to be compatible with as many different servers as possible even if they are not completely standards compliant. If you are encountering problems with parsing cookies, you should probably try using this specification.

Unsupported Specifications

The following cookie specifications are not presently supported by HttpClient.

RFC2965

RFC2965 defines cookie version 2 and attempts to address the shortcomings of the RFC2109 regarding cookie version 1. RFC2965 is intended to eventually supersede RFC2109.

Currently HttpClient does not implement this specification. Support for version 2 cookies will be added in the future

RFC2965 is available at http://www.w3.org/Protocols/rfc2965/rfc2965.txt

Specifying the Specification

There is two ways to specify which cookie specification should be used, either for each HttpState instance, or by setting the default for newly created HttpState instances.

Per HttpState

In most cases, the best way to set which cookie specification to use is using the setCookiePolicy(int policy) method on HttpState . Any HttpClient using that HttpState will then use the specified cookie policy. The value of policy should be one of:

  • CookiePolicy.COMPATIBILITY
  • CookiePolicy.NETSCAPE_DRAFT
  • CookiePolicy.RFC2109
        HttpClient client = new HttpClient();
        client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
        

Default

The default cookie specification can be set by setting the system property apache.commons.httpclient.cookiespec to one of:

  • "COMPATIBILITY"
  • "NETSCAPE_DRAFT"
  • "RFC2109"

This setting will be used by any newly created HttpState objects, however existing HttpState instances will not be affected.

        System.setProperty("apache.commons.httpclient.cookiespec", "COMPATIBILITY");
        

Common Problems

The most common problems encountered with parsing cookies is due to non-compliant servers. In these cases, switching to the compatibility cookie specification usually solves the problem.