Warning "Invalid cookie header: ... Invalid 'expires' attribute"

Describe the bug

In my application using the AWS SDK to access an S3 bucket I get in my logs several WARN messages coming from the SDK managed ApacheHttClient.

Example:

2021-04-19 14:34:27.916  WARN 1 --- [   scheduling-1] o.a.h.c.protocol.ResponseProcessCookies  : Invalid cookie header: "Set-Cookie: AWSALB=IBgdfz13kcSqIebR9wDO4YsKku18wWVpnUE3SJjeOftddRj3F53UR9JAROlBRszd0rvjkzC5++wCOOvvNbyjEydLjwUeo7VT01zlt89RgskYeAw683mPa3SLKGlM; Expires=Mon, 26 Apr 2021 14:34:27 GMT; Path=/". Invalid 'expires' attribute: Mon, 26 Apr 2021 14:34:27 GMT,
2021-04-19 14:34:27.917  WARN 1 --- [   scheduling-1] o.a.h.c.protocol.ResponseProcessCookies  : Invalid cookie header: "Set-Cookie: AWSALBCORS=IBgdfz13kcSqIebR9wDO4YsKku18wWVpnUE3SJjeOftddRj3F53UR9JAROlBRszd0rvjkzC5++wCOOvvNbyjEydLjwUeo7VT01zlt89RgskYeAw683mPa3SLKGlM; Expires=Mon, 26 Apr 2021 14:34:27 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Mon, 26 Apr 2021 14:34:27 GMT,
2021-04-19 14:34:29.969  WARN 1 --- [   scheduling-1] o.a.h.c.protocol.ResponseProcessCookies  : Invalid cookie header: "Set-Cookie: AWSALB=L4KrWVU0sxSV5e0fJm3WsK+zBQBaNrtMnUjY8TuwIIG5B2/IzLHgz4gOWcrG5xFiIkYrHZ4dnIpdiGKDsmdumeOozBFnhC8ue6pPOXFD8V2se9oBRCgQS+K0aTdB; Expires=Mon, 26 Apr 2021 14:34:29 GMT; Path=/". Invalid 'expires' attribute: Mon, 26 Apr 2021 14:34:29 GMT,
2021-04-19 14:34:29.970  WARN 1 --- [   scheduling-1] o.a.h.c.protocol.ResponseProcessCookies  : Invalid cookie header: "Set-Cookie: AWSALBCORS=L4KrWVU0sxSV5e0fJm3WsK+zBQBaNrtMnUjY8TuwIIG5B2/IzLHgz4gOWcrG5xFiIkYrHZ4dnIpdiGKDsmdumeOozBFnhC8ue6pPOXFD8V2se9oBRCgQS+K0aTdB; Expires=Mon, 26 Apr 2021 14:34:29 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Mon, 26 Apr 2021 14:34:29 GMT

The HttpClient should not emit those warnings.

Possible Solution

According to this StackOverFlow answer the warning is avoidable by using the following HttpClient configuration:

HttpClient httpClient = HttpClients.custom()
        .setDefaultRequestConfig(RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD).build())
        .build();

But I haven’t found a way to inject the CookieSpec configuration into the Apache HttpClient managed by the SDK.

Your Environment

AWS Java SDK version used: 2.15.60
JDK version used: OpenJDK 11
Operating System and version: Ubuntu Linux 18.04

Issue Analytics

State:
Created 2 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

3reactions

debora-itocommented, Apr 24, 2021

Yeah I couldn’t find a way either. We’ve added this to our backlog, not necessarily a direct access to the CookieSpec config, but a way to fix the warnings you’re seeing in the HttpClient.

2reactions

debora-itocommented, Apr 21, 2021

I feel this is not really a bug, but a feature request to expose the CookieSpec configuration in the SDK Apache HttpClient. I’ll research more about it, maybe there’s a way to configure through an environment variable as a workaround?

Top Results From Across the Web

Fixing HttpClient warning "Invalid expires attribute" using ...

This is the first result on Google when searching Invalid expires attribute . I am using Resteasy as a transitive dependency of Keycloak...

How to fix Invalid cookie header, invalid expires attribute

Fixing invalid expires attribute warning for HttpClient and REASTEasy client.

Help please: Invalid 'expires' attribute : r/Clojure - Reddit

Seems like two different errors to me: the first is due to a malformed header value in the response (the expires value should...

[#HTTPCLIENT-1763] Invalid 'expires' attribute - ASF JIRA

6 to 4.5.2 and suddenly these warnings started appearing: [org.apache.http.client.protocol.ResponseProcessCookies] Invalid cookie header: "Set- ...

"[WARNING] Invalid cookie header" when using driver ...

The cookie in question is malformed. It contains non-standard 'expires' attribute, which, to make matters worse, contains a reserved character (comma) ...