Cookie Authentication Patch

  • Fraser

    Fraser - 2011-06-26

    Hi All,

    I’ve got a patch for adding basic cookie auth support to RSSOwl. Is this
    something that you’d be interested in adding to the mainline?

    It uses a delimiter in the URL to signify cookie data. Example: http://rss.ex;password=1234

    When DefaultProtocolHandler is preparing the http connection it checks for
    this delimiter and if it exists each of the key/value pairs becomes a cookie
    that is sent with the request. So, the example above has two cookies, and the
    one named "user" has a content of "me" etc etc.

    The delimiting format isn't one I'd choose myself, but some other clients
    already use this format so I figured it made sense to be consistent as sites
    that use this form of auth often have a guide/faq for it. uTorrent's feed
    reader is one such example, see
    here for their documentation.

    If this is something that the community feels is worth adding then I will
    gladly post the changes up.



  • Anonymous - 2011-06-27

    Feel free to attach it to an enhancement request in our issue tracker (find it
    here at SourceForge). Is there usecases for this patch, e.g. can you provide
    examples of feeds where only this way of authentication works?

  • Fraser

    Fraser - 2011-06-29

    Cool, I will do that right now. Not many sites use this for auth because not
    many RSS feed readers can handle it. I'm using it with a site that likes to
    keep it's profile low but when I was googling the problem I found discussions
    where Sharepoint and Drupal based sites have this issue. To be honest the site
    should handle it better by not using cookie auth and redirects, seems to
    mostly affect in-house systems where RSS was tacked onto existing web
    services. A google for "rss cookie authentication" throws up lots of
    discussion on it.

    In terms of symptoms, for me RSS Owl reported the following error:

    error 302 the http server returned a redirect error that would lead to an
    infinite loop

    Seemed like the site was redirecting the cookie-deficient request to the same

  • Fraser

    Fraser - 2011-06-30

    New feature request is here.

  • Anonymous - 2011-06-30



Log in to post a comment.