HttpClient WARNING: Cookie rejected: Illegal domain attribute

Question

I'm using HttpClient latest version (4.x). And right now I'm trying to do A GET Request. I just posting a Get request.

This is my Code;

public class Poster {

    static boolean routing1 = true, routing2 = true;
    static int counter1 = 0, counter2 = 0;
    DefaultHttpClient oHtp = null;
    HttpGet oHGet = null;
    HttpResponse oHRes = null;


    private void test(String fullAddress) throws Exception {
        oHtp = new DefaultHttpClient();
        oHGet = new HttpGet(fullAddress);

        HttpResponse response = oHtp.execute(oHGet);
        System.out.print(response.getStatusLine());

        HttpEntity entity = response.getEntity();
        if (entity != null) {
            entity = new BufferedHttpEntity(entity);
            //  System.out.println(EntityUtils.toString(entity));
            System.out.print("\t entity is retrieved... ");
        }


        oHtp.getConnectionManager().shutdown();
    }
}

I just execute it nicely. First is

new Poster().test("http://123.xl.co.id/profile.php");

and second is

 new Poster().test("http://goklik.co.id/");

ya, And Only the Second one.... I got this The error message;

Sep 18, 2011 10:11:30 AM org.apache.http.client.protocol.ResponseProcessCookies processCookies WARNING: Cookie rejected: "[version: 0][name: CookiePst][value: 0149=xwGHF7HYDHLHQ84Isp/eSy9vu+Xq6cT12wxg1A==][domain: .mcore.com][path: /][expiry: Sun Sep 18 10:38:59 ICT 2011]". Illegal domain attribute "mcore.com". Domain of origin: "goklik.co.id"

I realized that the Cookie is involved here. But I don't understand what the Warning means. And I also don't know how to solve it (Cookie not being rejected). Hope there is a bit of light to clear my mind from you guys.... :D

Answer 1

Maybe it's too late, but I had the same problem and I've found something that helped me work it out, just set the Cookie Policy to Browser Compability:

httpclient.getParams().setParameter(ClientPNames.COOKIE_POLICY,
        CookiePolicy.BROWSER_COMPATIBILITY);

Here are the possible values:

The cookie policy provides corresponding cookie management interfrace for a given type or version of cookie.

RFC 2109 specification is used per default. Other supported specification can be chosen when appropriate or set default when desired

The following specifications are provided:

• BROWSER_COMPATIBILITY: compatible with the common cookie management practices (even if they are not 100% standards compliant)
• NETSCAPE: Netscape cookie draft compliant
• RFC_2109: RFC2109 compliant (default)
• IGNORE_COOKIES: do not automcatically process cookies

Answer 2

You can't "fix" it. The site is trying to set a cookie it's not allowed to set and the apache client library you're using is telling you about it.

It's trying to set a cookie for mcore.com when the domain is goklik.co.id

Answer 3

Before httpclient 4.3, this answer in the same page is cool.

But since httpclient 4.3, API seems changed a lot, following code would work:

RequestConfig customizedRequestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.BROWSER_COMPATIBILITY).build();
HttpClientBuilder customizedClientBuilder = HttpClients.custom().setDefaultRequestConfig(customizedRequestConfig);
CloseableHttpClient client = customizedClientBuilder.build(); // customized client,

Answer 4

I am using http client 4.5.2 and this is set cookie spec to easy solved my problem. The example of how instantiate client:

httpClient = HttpClients.custom()
                .setDefaultRequestConfig(RequestConfig.custom()
                        // Waiting for a connection from connection manager
                        .setConnectionRequestTimeout(10000)
                        // Waiting for connection to establish
                        .setConnectTimeout(5000)
                        .setExpectContinueEnabled(false)
                        // Waiting for data
                        .setSocketTimeout(5000)
                        .setCookieSpec("easy")
                        .build())
                .setMaxConnPerRoute(20)
                .setMaxConnTotal(100)
                .build();

Answer 5

Here is the simplest way to suppress the warning in v4.5.x (4.5.6 right now) :

HttpClientBuilder clientBuilder = HttpClientBuilder.create();
clientBuilder.disableCookieManagement();
HttpClient httpClient = clientBuilder.build();

Answer 6

Just want to improve Eric's answer, as it doesnt directly solve my scenario but changing CookieSpecs to IGNORE_COOKIES solves my problem.

RequestConfig customizedRequestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.IGNORE_COOKIES).build();
HttpClientBuilder customizedClientBuilder = 
HttpClients.custom().setDefaultRequestConfig(customizedRequestConfig);
CloseableHttpClient client = customizedClientBuilder.build(); // customized client,

Because in my version of HttpClient 4.5 CookieSpecs.BROWSER_COMPATIBILITY is already depreciated.

Answer 7

If you don't need to process cookies you can simply disable it, with org.apache.http.impl.cookie.IgnoreSpecProvider or org.apache.http.impl.cookie.IgnoreSpec depending on what API you use. Calling disableCookieManagement() on HttpClientBuilder is not enough