为什么cURL不将cookie的expires / max-age值发送回服务器?

时间:2016-07-31 12:47:25

标签: java curl cookies netty

我在java中使用Netty.io框架构建服务器,我在验证请求时遇到了问题。

在验证请求时,我正在尝试通过检查 sessionId 来验证它,并且到期

if (sessionId == correctSessionId && expiry < currentTime) {
   // then mark the request as authenticated.
}

但每当我向服务器发送请求时(在我登录并收到到期的适当cookie后),服务器端没有收到expiry / max-age。我做错了什么?

登录的卷曲请求:

curl -b cookies.txt -c cookies.txt -POST http://localhost:8080/api/v1/account/login -H 'content-type: application/json' -d '{"mobile": "123", "password": "123"}' -v

输出:

*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /api/v1/account/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> content-type: application/json
> Content-Length: 36
>
* upload completely sent off: 36 out of 36 bytes
< HTTP/1.1 200 OK
* Replaced cookie sessionId="efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==" for domain localhost, path /api/v1/account/, expire 1469968200
< Set-Cookie: sessionId=efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==; Max-Age=180; Expires=Sun, 31 Jul 2016 12:30:00 GMT
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
{"id":"579d3d9902dd1134817edefc","name":"admin","mobile":"123","email":null,"audit":{"createdTime":1469922712940,"createdBy":null,"modifiedTime":1469922712940,"modifiedBy":null}}
  

注意Set-cookie标题及其到期日期。服务器正确发送它。

Cookies.txt文件:

# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

localhost FALSE /api/v1/account/  FALSE 1469968200  sessionId efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==
  

cookies.text还可以正确存储值。

访问需要身份验证的资源的卷曲请求:

curl -c cookies.txt -b cookies.txt -XGET http://localhost:8080/api/v1/account/details -H 'content-type: application/json' -v

它的输出:

*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /api/v1/account/details HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Cookie: sessionId=efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==
> content-type: application/json
>
< HTTP/1.1 401 Unauthorized
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
Session Unauthorized. Please login%
  

发送了SessionId,但没有到期或最大年龄。为什么?

我错过了什么?

1 个答案:

答案 0 :(得分:1)

curl不会发送回来,因为它遵循HTTP cookie协议(请参阅RFC6265),它说客户端应该只为每个cookie发送name=val。过期时间和其他元数据由服务器发送并由客户端处理,但它们永远不会被发回。

相关问题
最新问题