Invalid cookie header : Unable to parse expires attribute when expires attribute is empty
Solution 1
If you do not mind altering the CookieSpec you can supply your own, more lenient, subclass.
First, create a lenient CookieSpec that will accept null and empty values for the expires attribute, like this:
class LenientCookieSpec extends BrowserCompatSpec {
public LenientCookieSpec() {
super();
registerAttribHandler(ClientCookie.EXPIRES_ATTR, new BasicExpiresHandler(DATE_PATTERNS) {
@Override public void parse(SetCookie cookie, String value) throws MalformedCookieException {
if (TextUtils.isEmpty(value)) {
// You should set whatever you want in cookie
cookie.setExpiryDate(null);
} else {
super.parse(cookie, value);
}
}
});
}
}
Now you need to register & choose this new CookieSpec in your HTTP client.
DefaultHttpClient client = new DefaultHttpClient();
client.getCookieSpecs().register("lenient", new CookieSpecFactory() {
public CookieSpec newInstance(HttpParams params) {
return new LenientCookieSpec();
}
});
HttpClientParams.setCookiePolicy(client.getParams(), "lenient");
Something "like this" could work for you.
Solution 2
I just got the similar warns like below
Invalid cookie header: "Set-Cookie: A3=d=AQABBPA3c18CEOtNC3d8X1pEkCvrf2cxZRIFEgEBAQGJdF99XwAAAAAA_SMAAA&S=AQAAAiTHBvO_oaoz8tCr1A7ArCs; Expires=Wed, 29 Sep 2021 19:34:41 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly". Invalid 'expires' attribute: Wed, 29 Sep 2021 19:34:41 GMT
My env is http client-4.5.12, the reason is that cookiesSpec need to be set.
Way to fix (just ignore other parameters)
requestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
httpclient = HttpClients.custom()
.setDefaultRequestConfig(requestConfig).build();
Here you can change the CookieSpecs.XXX align with your condition, for most case, STANDARD is ok, details can refer latest apache doc https://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/statemgmt.html
NOTES that the HttpClientParams (some pages mentioned before)is a deprecated class, just use RequestConfig as the replacement.
Michael Stilmant
Updated on October 01, 2020Comments
-
Michael Stilmant over 3 years
In an android application, when using
DefaultHttpClientto get an URL content (executing HttpGet) I receive the following warning in logs:W/ResponseProcessCookies(20386): Invalid cookie header: "Set-Cookie: NSC_vbue_iuuq=ffff660; expires=; domain=private.false.name; path=/; isSecure=false". Unable to parse expires attribute:I understand the warning because the
expiresfield does not contain a valid date format. I understand it maybe because it is a 'session cookie' (without being expert). Thread about similar situation in Curl contextSearching the web I found mainly the
.setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.BEST_MATCH (or other) )option to avoid warning by parsing correctly dates that contain a comma.
However, I would like to avoid that log. (not by disabling logs) I believe internally all is fine since "I GUESS",
cookie.setExpiryDate()is simply not called.Do you think I need a specific configuration of my HTTP client (I've not set specific configurations) to avoid that warning or to support empty expires?
Thanks.
-
Michael Stilmant about 12 yearsThanks for that comment. Should work indeed and I wasn't aware I could do it like that. But I wondering now if the server cookie format with this empty expires can be expected? I'm not the owner of the server, so should I report to the server owner about the situation? Regards,
-
Jens about 12 yearsWell, it's not ideal that they are sending out bad cookies - otoh, I believe all the
CookieSpecimplementations in Apache are a tad bit anal about parsing sometimes. -
Michael Stilmant about 12 yearsJust reviewed the rfc2109 about that and seems that I misunderstood the fact that expires=; is not valid when reviewing comments like in codeproject.com/Articles/3106/… where "blank" date refer to date like (01-Jan-0001 00:00:00
