How can I get a missing cookie with android ? In Firefox yes appear

Question

I can get a cookie with firefox, but not with android.

This is the code:

HttpParams httpparams = new BasicHttpParams();                          
httpparams.setParameter(ClientPNames.COOKIE_POLICY,CookiePolicy.BROWSER_COMPATIBILITY);

HttpGet httpget = new HttpGet(sURL);
httpget.setParams(httpparams);
httpget.setHeader("User-Agent","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2");
httpget.setHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
httpget.setHeader("Accept-Language", "es-mx,es;q=0.8,en-us;q=0.5,en;q=0.3");
httpget.setHeader("Accept-Encoding", "gzip,deflate");
httpget.setHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7");
httpget.setHeader("Keep-Alive", "115");

BasicHttpResponse response = (BasicHttpResponse) httpclient.execute(httpget);

Using wireshrack I saw:

GET /login.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-mx,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Host: www.conquerclub.com
Connection: Keep-Alive

and the response is using my code:

HTTP/1.1 200 OK
Date: Mon, 09 Aug 2010 05:41:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.13
Set-Cookie: referer=%5Bdirect%5D; path=/
Set-Cookie: referer60=%5Bdirect%5D; expires=Wed, 08-Sep-2010 05:41:38 GMT; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

but whith Firefox the response is

HTTP/1.1 200 OK
Date: Mon, 09 Aug 2010 05:11:13 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.13
Set-Cookie: referer=%5Bdirect%5D; path=/
Set-Cookie: referer60=%5Bdirect%5D; expires=Wed, 08-Sep-2010 05:11:13 GMT; path=/
Set-Cookie: PHPSESSID=sv8f6ro571t9rv999mu6jtkbu3; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4324
Connection: close
Content-Type: text/html

again using wireshark to see firefox I got this:

GET / HTTP/1.1
Host: www.conquerclub.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-mx,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

It is the same, but the server don't respond this line

Set-Cookie: PHPSESSID=sv8f6ro571t9rv999mu6jtkbu3; path=/; HttpOnly

why? any idea would be very well receive.

Answer 1

I came across a similar problem with android. This happens because of the cookie origin policy in Browser compatibility mode. The HTTP client in android is rejecting the cookie because the cookie's path does not match the current requested document's path.

e.g. if your cookie path is: /mypath, and your cookie is originating from: /mypath/myAdditionalPath, the http client will reject the cookie (internally throwing a MalformedCookieException). But browsers will accept such cookies.

To workaround this problem in your code, you will have to implement your own cookie spec the one that extends from BrowserCompatSpec. Here's some sample skeleton code:

   public class MyCookieSpec extends BrowserCompatSpec {

      @Override
      public void validate(Cookie cookie, CookieOrigin origin) throws 
             MalformedCookieException {
         if(cookie == null) {
            throw new IllegalArgumentException("Cookie cannot be null");
         }
         if(origin == null) {
            throw new IllegalArgumentException("Cookie origin cannot be null");
         }


         // use these logs to see what is the difference between paths of the 
         // cookieOrigin and the cookie.
         String pth = cookie.getPath();
         Log.i(TAG, "Cookie ====================================> " + cookie);
         Log.i(TAG, "CookieOrigin ====================================> " + origin);

         // Check if the cookie is from the same domain, if so return silently
         // or else throw a MalformedCookieException

      }

      @Override
      public boolean match(Cookie cookie, CookieOrigin origin) {
         if(cookie == null) {
            throw new IllegalArgumentException("Cookie cannot be null");
         }
         if(origin == null) {
            throw new IllegalArgumentException("Cookie origin cannot be null");
         }
         if(Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "Matching cookie " + cookie + " with origin " + origin);
         }

         // if the cookie is originating from the same domain as of the origin
         // return true or return false. Be careful here and only return true if
         // the cookie is originating from the same domain as that of what is in the 
         // cookie's path
         return true;
      }
   }

To register and use this cookie spec with your http client, use the following:

  DefaultHttpClient httpClient = new DefaultHttpClient(cm, params);
  httpClient.getCookieSpecs().register("myspec", new CookieSpecFactory() {

     public CookieSpec newInstance(HttpParams hp) {
        return new MyCookieSpec();
     }
  });
  httpClient.getParams().setParameter(ClientPNames.COOKIE_POLICY, "myspec");

Answer 2

Sorry guys. I realized that i made a mistake With firefox, I request www.conquerclub.com with path "/" BUT using my code I request www.conquerclub.com with path "/login.php"

After I deleted it "login.php", the request return 3 cookies