CURL -c option not working properly

[drmistral]

• VSCode Version: 1.14.2
• OS Version: MacOS Sierra 10.12.3
• REST Client Version: 0.15.1

Steps to Reproduce:

1. From a terminal run following curl command (you can change path of -c property):

curl -i -c "/tmp/cookies.txt" "http://httpbin.org/cookies/set?k2=val2&k1=val1"

2. File /tmp/cookies.txt file is created, check it.
3. Delete /tmp/cookies.txt
4. Repeat step 1 from vs rest client, -> file /tmp/cookies.txt is not created.

[drmistral]

Hi Huachao, first of all thanks for developing this extension I found it very usefull. Just an observation hope its help. Options -c and -b works in pair. Typically -c is used while login to a service and -b is used in subsequent calls as session token from previous login.
I have tens of test rest calls working in this way. I separated the problem in two Issues to be clear but -c and -b need to work together.

I read in your docs, that rest client "remember Cookies for subsequent requests", I tried this to workaround -b/-c problem but unfortunately I can't get it working as well.

Thanks

[Huachao]

@drmistral -c option is currently not supported since as you know, my extension already saves received cookies in a file, and you can find the cookie file in ~/.rest-client/cookie.json. So I think if you don't need use -b and -c option in curl request of my extension, and can still work as expected. Since in fact, my extension won't use cURL internally, we just parse the curl request and use other request module.

Do you have any suggestions?

[drmistral]

@Huachao now I see, I supposed the extension was using libcurl....

Ok, In my case i could leave -c -b options and the extension cookie file, but the problem is that, for some unknown reason, this mechanism is not working with my java server.

• When I do the login api call (POST) i check server side it is successfull and cookie.json is updated, but...
• On next call (GET) is not authorized.

At the moment I need to investigate more about why jsessionid is not linked from the received request. I'll let you know if I find why.

My suggestions:

• For implementing -b -c options probably the simplest whay could be just use -c -b respectively to write and read the cookie.json in/from the given path.

• Could be useful to document the list of supported curl parameters and their compatibility with libcurl.

[Huachao]

@drmistral I will document this, and can you check the cookie.json and whether the jsessionid stored in it? And I will first fix the bug in #112

[drmistral]

@Huachao Yes, the jsessionid is stored in cookie.json when i do the login POST.

[Huachao]

@drmistral Can you show me the piece of related cookie and sample GET request

[drmistral]

@Huachao

Login call:

curl -i -X POST --url "http://localhost:8080/myapp-srv/resources/j_spring_security_check?j_username=admin&j_password=admin"

(Login OK)

~/.rest-client/cookie.json:

{"localhost":{"/myapp-srv/":{"JSESSIONID":{"key":"JSESSIONID","value":"8462FD1D6F2E7D3B10C6B2096010CAD2","domain":"localhost","path":"/myapp-srv/","httpOnly":true,"hostOnly":true,"creation":"2017-08-09T08:43:41.738Z","lastAccessed":"2017-08-11T09:59:37.087Z"}}},"192.168.2.41":{"/myapp-srv/":{"JSESSIONID":{"key":"JSESSIONID","value":"4B3E2E144447F6EE88E282380DD047AE","domain":"192.168.2.41","path":"/myapp-srv/","httpOnly":true,"hostOnly":true,"creation":"2017-08-09T10:10:36.670Z","lastAccessed":"2017-08-09T10:10:36.670Z"}}},"api.myapp.com":{"/myapp-srv/":{"JSESSIONID":{"key":"JSESSIONID","value":"A3FCAB5F237A546AA5964B28C955EAB4","domain":"api.myapp.com","path":"/myapp-srv/","httpOnly":true,"hostOnly":true,"creation":"2017-08-09T10:15:48.701Z","lastAccessed":"2017-08-09T10:15:48.701Z"}},"/":{"JSESSIONID":{"key":"JSESSIONID","value":"C4F57401BB9620AA5C130C8CDB3AE265","domain":"api.myapp.com","path":"/","httpOnly":true,"hostOnly":true,"creation":"2017-08-09T10:15:56.648Z","lastAccessed":"2017-08-09T10:15:56.648Z"}}},"httpbin.org":{"/":{}}}

Query call

curl -i --url "http://localhost:8080/myapp-srv/backoffice/boSendPushMessage?alias=58&msg=bo_message&refEventId=EVT_NEW_UPDATES&refEntityId=-1"

Last call behaves like unauthorized.

[drmistral]

@Huachao how the JSESSIONID is passed in subsequent request calls using the extension?

[Huachao]

@drmistral It seems that your cookie has an extra / at the end of the path field, normally the path should be like /foo/bar not /foo/bar/. You can see from Set-Cookie. In my test, if you remove it in cookie.json, it will work. So I think your sever side code should remove the trailing slash in cookie path.

"/myapp-srv": {
            "JSESSIONID": {
                "key": "JSESSIONID",
                "value": "8462FD1D6F2E7D3B10C6B2096010CAD2",
                "domain": "httpbin.org",
                "path": "/myapp-srv",
                "httpOnly": true,
                "hostOnly": true,
                "creation": "2017-08-09T08:43:41.738Z",
                "lastAccessed": "2017-08-11T09:59:37.087Z"
            }
        }

[drmistral]

@Huachao Correct! I tested removing the extra / directly from your cookie.json and it works!
I don't know where the extra / comes from because I'm the Java Spring stuff, I'll check...
Thanx!

[Huachao]

@drmistral I will also look into the request module I use why it behave like this, since cURL can handle as you wish

[drmistral]

@Huachao yes would be great, I checked that even using command line curl, in the response and saved cookie file there is the extra slash. Probably have to be removed in the subsequent calls.

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=DC2CA7A27ECF4B8501B8D72B62998F3C; Path=/myapp-srv/; HttpOnly
Content-Length: 0
Date: Fri, 11 Aug 2017 12:45:58 GMT

File

# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost     FALSE   /myapp-srv/  FALSE   0       JSESSIONID      DC2CA7A27ECF4B8501B8D72B62998F3C

[drmistral]

@Huachao I've found the problem about final cookie path "/".
It is related to Tomcat sessionCookiePathUsesTrailingSlash configuration parameter. As described here setting it to false prevents the final "/" in cookie path and the stuff works.

[Huachao]

@drmistral I also fixed the bug in my side, and in next release of this extension, you can still set the cookie path with trailing slash. And -c and -b options will be supported in the future, so I'd like to put them in backlog. And I will update the README to show available options in cURL

[drmistral]

I've checked this issue removing the Tomcat parameter in order to check your change and it works! Thanks!