I'd rather people opt in to extra functionality (we don't even require TLS by default, though gRPC itself does in Java).
On that note, I see a somewhat related proposal for sessions in Flight; it's worth thinking if that can just be built on top of cookies: https://issues.apache.org/jira/browse/ARROW-10427 David On 10/30/20, James Duong <[email protected]> wrote: > Thanks for the feedback David. > > I'll add a client builder option to make it more convenient to enable. > Actually, would it make sense for something like this to be enabled by > default? > > There's no drawback when connecting to FlightServers that don't use > cookies other than a bit of overhead searching for the Set-Cookie header. > > On Fri, Oct 30, 2020 at 7:05 AM David Li <[email protected]> wrote: > >> Hey James, >> >> I looked over the PR and it seems quite straightforward - thanks for >> contributing this. >> >> Best, >> David >> >> On 10/29/20, James Duong <[email protected]> wrote: >> > Hi all, >> > >> > I've created a PR for changing the Java FlightClient to have the >> > ability >> to >> > send/receive cookie headers: >> > https://github.com/apache/arrow/pull/8554 >> > >> > I ran into a few apparent bugs in the JDK HttpCookie.parse method >> > though: >> > >> > - The HttpCookie class treats Max-Age=-1 as a sentinel to say there >> > is >> > no expiration. However the RFC spec for Set-Cookie says that any >> > zero >> or >> > negative max-age should result in instant expiration of the cookie. >> The >> > JDK's HttpCookie class doesn't differentiate between these two cases >> in >> > the >> > isExpired function. >> > - The HttpCookie.parse method is supposed to return a list of >> > multiple >> > cookies when using a Set-Cookie2 header containing multiple cookies, >> but >> > this doesn't seem to work. You wind up getting a single cookie with >> the >> > original input separated by comma. >> > >> > I have tests exposing these two issues that are marked as Ignore for >> > now. >> > >> > -- >> > >> > *James Duong* >> > Lead Software Developer >> > Bit Quill Technologies Inc. >> > Direct: +1.604.562.6082 | [email protected] >> > https://www.bitquilltech.com >> > >> > This email message is for the sole use of the intended recipient(s) and >> may >> > contain confidential and privileged information. Any unauthorized >> review, >> > use, disclosure, or distribution is prohibited. If you are not the >> > intended recipient, please contact the sender by reply email and >> > destroy >> > all copies of the original message. Thank you. >> > >> > > > -- > > *James Duong* > Lead Software Developer > Bit Quill Technologies Inc. > Direct: +1.604.562.6082 | [email protected] > https://www.bitquilltech.com > > This email message is for the sole use of the intended recipient(s) and may > contain confidential and privileged information. Any unauthorized review, > use, disclosure, or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all copies of the original message. Thank you. >
