![]() Version: 9.4.12.v20180830 |
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
Jetty HTTP client supports cookies out of the box.
The HttpClient
instance receives cookies from HTTP responses and stores them in a java.net.CookieStore
, a class that is part of the JDK.
When new requests are made, the cookie store is consulted and if there are matching cookies (that is, cookies that are not expired and that match domain and path of the request) then they are added to the requests.
Applications can programmatically access the cookie store to find the cookies that have been set:
CookieStore cookieStore = httpClient.getCookieStore();
List<HttpCookie> cookies = cookieStore.get(URI.create("http://domain.com/path"));
Applications can also programmatically set cookies as if they were returned from a HTTP response:
CookieStore cookieStore = httpClient.getCookieStore();
HttpCookie cookie = new HttpCookie("foo", "bar");
cookie.setDomain("domain.com");
cookie.setPath("/");
cookie.setMaxAge(TimeUnit.DAYS.toSeconds(1));
cookieStore.add(URI.create("http://domain.com"), cookie);
Cookies may be added only for a particular request:
ContentResponse response = httpClient.newRequest("http://domain.com/path")
.cookie(new HttpCookie("foo", "bar"))
.send();
You can remove cookies that you do not want to be sent in future HTTP requests:
CookieStore cookieStore = httpClient.getCookieStore();
URI uri = URI.create("http://domain.com");
List<HttpCookie> cookies = cookieStore.get(uri);
for (HttpCookie cookie : cookies)
cookieStore.remove(uri, cookie);
If you want to totally disable cookie handling, you can install a HttpCookieStore.Empty
instance in this way:
httpClient.setCookieStore(new HttpCookieStore.Empty());
You can enable cookie filtering by installing a cookie store that performs the filtering logic in this way:
httpClient.setCookieStore(new GoogleOnlyCookieStore());
public class GoogleOnlyCookieStore extends HttpCookieStore
{
@Override
public void add(URI uri, HttpCookie cookie)
{
if (uri.getHost().endsWith("google.com"))
super.add(uri, cookie);
}
}
The example above will retain only cookies that come from the google.com
domain or sub-domains.
Jetty is compliant with RFC6265, and as such care must be taken when setting a cookie value that includes special characters such as ;
.
Previously, Version=1 cookies defined in RFC2109 (and continued in RFC2965) allowed for special/reserved characters to be enclosed within double quotes when declared in a Set-Cookie
response header:
Set-Cookie: foo="bar;baz";Version=1;Path="/secur"
This was added to the HTTP Response header as follows:
Cookie cookie = new Cookie("foo", "bar;baz");
cookie.setPath("/secur");
response.addCookie(cookie);
The introduction of RFC6265 has rendered this approach no longer possible; users are now required to encode cookie values that use these special characters.
This can be done utilizing javax.servlet.http.Cookie
as follows:
Cookie cookie = new Cookie("foo", URLEncoder.encode("bar;baz", "utf-8"));
Jetty validates all cookie names and values being added to the HttpServletResponse
via the addCookie(Cookie)
method.
If an illegal value is discovered Jetty will throw an IllegalArgumentException
with the details.