Is it safe to use HttpClientFactory?
In my asp.net core MVC application, I'm using HttpClientFactory to create HttpClient object for requests to API server.
Follows Microsoft document, HttpClient object is created new for each time I call HttpClientFactory.CreateClient(), so it will be safe for setting values to HttpClient.DefaultRequestHeaders.
About HttpMessageHandler objects, because they are pooled and can be re-used later. So, if they hold cookies information (For example: setting cookies to HttpClientHandler object), we will violate thread-safe.
Is my assumption is correct? How could we deal with this problem?
Is it OK if we set cookie in HttpRequestMessage, then we will send it with HttpClient?
asp.net asp.net-core .net-core httpclient httpclientfactory
asked Dec 21 '18 at 8:38
tuqtuq
787
add a comment |
In my asp.net core MVC application, I'm using HttpClientFactory to create HttpClient object for requests to API server.
Follows Microsoft document, HttpClient object is created new for each time I call HttpClientFactory.CreateClient(), so it will be safe for setting values to HttpClient.DefaultRequestHeaders.
About HttpMessageHandler objects, because they are pooled and can be re-used later. So, if they hold cookies information (For example: setting cookies to HttpClientHandler object), we will violate thread-safe.
Is my assumption is correct? How could we deal with this problem?
Is it OK if we set cookie in HttpRequestMessage, then we will send it with HttpClient?
asp.net asp.net-core .net-core httpclient httpclientfactory
asked Dec 21 '18 at 8:38
tuqtuq
787
You should use 1HttpClientinstance and useSendAsyncif you need to manipulate headers and/or cookies and such. Read more here. Note that the article only highlights the problem, if you need to manipulate the various shared state information in theHttpClientyou need to useSendAsyncinstead.
– Lasse Vågsæther Karlsen
Dec 21 '18 at 8:41
@LasseVågsætherKarlsen, in asp.net core, we should useHttpClientFactoryto createHttpClientobject. As you said, we're also able to use singleton forHttpClient, but it will cause a problem: github.com/dotnet/corefx/issues/11224. I just wonder if we useHttpClientFactory, the pooledHttpClientHandlerobjects can causes problems to thread-safe.
– tuq
Dec 21 '18 at 15:05
TheCookieContainerclass itself is thread safe. You can see the code yourself for the cookie container when it manipulates the cookies array.
– Simply Ged
Dec 22 '18 at 1:24
@SimplyGed, maybe the CookieContainer is thread-safe itself, but when it is used in case of HttpClientFactory, it can cause the problem. For example:1. HttpClient1 send request to API api/checkAccessStatus=>2. API check if Request1.Cookie contains "HasAccessed" key, if not, set Response.Cookie["HasAccessed"] = true=>3. (From other user) HttpClient2 send request to API api/checkAccessStatus=>4. Since HttpClient2 is created with HttpClientFactory, it can have same HttpHandler (same CookieContainer). API will see that Request.Cookie["HasAccessed"] is true=> Wrong
– tuq
Dec 25 '18 at 4:38
add a comment |
In my asp.net core MVC application, I'm using HttpClientFactory to create HttpClient object for requests to API server.
Follows Microsoft document, HttpClient object is created new for each time I call HttpClientFactory.CreateClient(), so it will be safe for setting values to HttpClient.DefaultRequestHeaders.
About HttpMessageHandler objects, because they are pooled and can be re-used later. So, if they hold cookies information (For example: setting cookies to HttpClientHandler object), we will violate thread-safe.
Is my assumption is correct? How could we deal with this problem?
Is it OK if we set cookie in HttpRequestMessage, then we will send it with HttpClient?
asp.net asp.net-core .net-core httpclient httpclientfactory
asked Dec 21 '18 at 8:38
tuqtuq
787
In my asp.net core MVC application, I'm using HttpClientFactory to create HttpClient object for requests to API server.
Follows Microsoft document, HttpClient object is created new for each time I call HttpClientFactory.CreateClient(), so it will be safe for setting values to HttpClient.DefaultRequestHeaders.
About HttpMessageHandler objects, because they are pooled and can be re-used later. So, if they hold cookies information (For example: setting cookies to HttpClientHandler object), we will violate thread-safe.
Is my assumption is correct? How could we deal with this problem?
Is it OK if we set cookie in HttpRequestMessage, then we will send it with HttpClient?
asp.net asp.net-core .net-core httpclient httpclientfactory
asp.net asp.net-core .net-core httpclient httpclientfactory
asked Dec 21 '18 at 8:38
tuqtuq
787
asked Dec 21 '18 at 8:38
tuqtuq
787
asked Dec 21 '18 at 8:38
tuqtuq
787
asked Dec 21 '18 at 8:38
tuqtuq
787
asked Dec 21 '18 at 8:38
tuqtuq
787
787
You should use 1HttpClientinstance and useSendAsyncif you need to manipulate headers and/or cookies and such. Read more here. Note that the article only highlights the problem, if you need to manipulate the various shared state information in theHttpClientyou need to useSendAsyncinstead.
– Lasse Vågsæther Karlsen
Dec 21 '18 at 8:41
@LasseVågsætherKarlsen, in asp.net core, we should useHttpClientFactoryto createHttpClientobject. As you said, we're also able to use singleton forHttpClient, but it will cause a problem: github.com/dotnet/corefx/issues/11224. I just wonder if we useHttpClientFactory, the pooledHttpClientHandlerobjects can causes problems to thread-safe.
– tuq
Dec 21 '18 at 15:05
TheCookieContainerclass itself is thread safe. You can see the code yourself for the cookie container when it manipulates the cookies array.
– Simply Ged
Dec 22 '18 at 1:24
@SimplyGed, maybe the CookieContainer is thread-safe itself, but when it is used in case of HttpClientFactory, it can cause the problem. For example:1. HttpClient1 send request to API api/checkAccessStatus=>2. API check if Request1.Cookie contains "HasAccessed" key, if not, set Response.Cookie["HasAccessed"] = true=>3. (From other user) HttpClient2 send request to API api/checkAccessStatus=>4. Since HttpClient2 is created with HttpClientFactory, it can have same HttpHandler (same CookieContainer). API will see that Request.Cookie["HasAccessed"] is true=> Wrong
– tuq
Dec 25 '18 at 4:38
add a comment |
You should use 1HttpClientinstance and useSendAsyncif you need to manipulate headers and/or cookies and such. Read more here. Note that the article only highlights the problem, if you need to manipulate the various shared state information in theHttpClientyou need to useSendAsyncinstead.
– Lasse Vågsæther Karlsen
Dec 21 '18 at 8:41
@LasseVågsætherKarlsen, in asp.net core, we should useHttpClientFactoryto createHttpClientobject. As you said, we're also able to use singleton forHttpClient, but it will cause a problem: github.com/dotnet/corefx/issues/11224. I just wonder if we useHttpClientFactory, the pooledHttpClientHandlerobjects can causes problems to thread-safe.
– tuq
Dec 21 '18 at 15:05
TheCookieContainerclass itself is thread safe. You can see the code yourself for the cookie container when it manipulates the cookies array.
– Simply Ged
Dec 22 '18 at 1:24
@SimplyGed, maybe the CookieContainer is thread-safe itself, but when it is used in case of HttpClientFactory, it can cause the problem. For example:1. HttpClient1 send request to API api/checkAccessStatus=>2. API check if Request1.Cookie contains "HasAccessed" key, if not, set Response.Cookie["HasAccessed"] = true=>3. (From other user) HttpClient2 send request to API api/checkAccessStatus=>4. Since HttpClient2 is created with HttpClientFactory, it can have same HttpHandler (same CookieContainer). API will see that Request.Cookie["HasAccessed"] is true=> Wrong
– tuq
Dec 25 '18 at 4:38
You should use 1
HttpClient instance and use SendAsync if you need to manipulate headers and/or cookies and such. Read more here. Note that the article only highlights the problem, if you need to manipulate the various shared state information in the HttpClient you need to use SendAsync instead.– Lasse Vågsæther Karlsen
Dec 21 '18 at 8:41
You should use 1
HttpClient instance and use SendAsync if you need to manipulate headers and/or cookies and such. Read more here. Note that the article only highlights the problem, if you need to manipulate the various shared state information in the HttpClient you need to use SendAsync instead.– Lasse Vågsæther Karlsen
Dec 21 '18 at 8:41
@LasseVågsætherKarlsen, in asp.net core, we should use
HttpClientFactory to create HttpClient object. As you said, we're also able to use singleton for HttpClient, but it will cause a problem: github.com/dotnet/corefx/issues/11224. I just wonder if we use HttpClientFactory, the pooled HttpClientHandler objects can causes problems to thread-safe.– tuq
Dec 21 '18 at 15:05
@LasseVågsætherKarlsen, in asp.net core, we should use
HttpClientFactory to create HttpClient object. As you said, we're also able to use singleton for HttpClient, but it will cause a problem: github.com/dotnet/corefx/issues/11224. I just wonder if we use HttpClientFactory, the pooled HttpClientHandler objects can causes problems to thread-safe.– tuq
Dec 21 '18 at 15:05
The
CookieContainer class itself is thread safe. You can see the code yourself for the cookie container when it manipulates the cookies array.– Simply Ged
Dec 22 '18 at 1:24
The
CookieContainer class itself is thread safe. You can see the code yourself for the cookie container when it manipulates the cookies array.– Simply Ged
Dec 22 '18 at 1:24
@SimplyGed, maybe the CookieContainer is thread-safe itself, but when it is used in case of HttpClientFactory, it can cause the problem. For example:
1. HttpClient1 send request to API api/checkAccessStatus => 2. API check if Request1.Cookie contains "HasAccessed" key, if not, set Response.Cookie["HasAccessed"] = true => 3. (From other user) HttpClient2 send request to API api/checkAccessStatus => 4. Since HttpClient2 is created with HttpClientFactory, it can have same HttpHandler (same CookieContainer). API will see that Request.Cookie["HasAccessed"] is true => Wrong– tuq
Dec 25 '18 at 4:38
@SimplyGed, maybe the CookieContainer is thread-safe itself, but when it is used in case of HttpClientFactory, it can cause the problem. For example:
1. HttpClient1 send request to API api/checkAccessStatus => 2. API check if Request1.Cookie contains "HasAccessed" key, if not, set Response.Cookie["HasAccessed"] = true => 3. (From other user) HttpClient2 send request to API api/checkAccessStatus => 4. Since HttpClient2 is created with HttpClientFactory, it can have same HttpHandler (same CookieContainer). API will see that Request.Cookie["HasAccessed"] is true => Wrong– tuq
Dec 25 '18 at 4:38
add a comment |
1 Answer
1
active
oldest
votes
I have found the solution to use HttpClientFactory. We should disable CookieContainer of primary HttpMessageHanlder (it's a HttpClientHandler):
services.AddHttpClient("configured-inner-handler")
.ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
UseCookies = false
};
});
answered Dec 28 '18 at 14:22
tuqtuq
787
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53881531%2fis-it-safe-to-use-httpclientfactory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I have found the solution to use HttpClientFactory. We should disable CookieContainer of primary HttpMessageHanlder (it's a HttpClientHandler):
services.AddHttpClient("configured-inner-handler")
.ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
UseCookies = false
};
});
answered Dec 28 '18 at 14:22
tuqtuq
787
add a comment |
I have found the solution to use HttpClientFactory. We should disable CookieContainer of primary HttpMessageHanlder (it's a HttpClientHandler):
services.AddHttpClient("configured-inner-handler")
.ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
UseCookies = false
};
});
answered Dec 28 '18 at 14:22
tuqtuq
787
add a comment |
I have found the solution to use HttpClientFactory. We should disable CookieContainer of primary HttpMessageHanlder (it's a HttpClientHandler):
services.AddHttpClient("configured-inner-handler")
.ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
UseCookies = false
};
});
answered Dec 28 '18 at 14:22
tuqtuq
787
I have found the solution to use HttpClientFactory. We should disable CookieContainer of primary HttpMessageHanlder (it's a HttpClientHandler):
services.AddHttpClient("configured-inner-handler")
.ConfigurePrimaryHttpMessageHandler(() =>
{
return new HttpClientHandler()
{
UseCookies = false
};
});
answered Dec 28 '18 at 14:22
tuqtuq
787
answered Dec 28 '18 at 14:22
tuqtuq
787
answered Dec 28 '18 at 14:22
tuqtuq
787
answered Dec 28 '18 at 14:22
tuqtuq
787
787
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53881531%2fis-it-safe-to-use-httpclientfactory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You should use 1
HttpClientinstance and useSendAsyncif you need to manipulate headers and/or cookies and such. Read more here. Note that the article only highlights the problem, if you need to manipulate the various shared state information in theHttpClientyou need to useSendAsyncinstead.– Lasse Vågsæther Karlsen
Dec 21 '18 at 8:41
@LasseVågsætherKarlsen, in asp.net core, we should use
HttpClientFactoryto createHttpClientobject. As you said, we're also able to use singleton forHttpClient, but it will cause a problem: github.com/dotnet/corefx/issues/11224. I just wonder if we useHttpClientFactory, the pooledHttpClientHandlerobjects can causes problems to thread-safe.– tuq
Dec 21 '18 at 15:05
The
CookieContainerclass itself is thread safe. You can see the code yourself for the cookie container when it manipulates the cookies array.– Simply Ged
Dec 22 '18 at 1:24
@SimplyGed, maybe the CookieContainer is thread-safe itself, but when it is used in case of HttpClientFactory, it can cause the problem. For example:
1. HttpClient1 send request to API api/checkAccessStatus=>2. API check if Request1.Cookie contains "HasAccessed" key, if not, set Response.Cookie["HasAccessed"] = true=>3. (From other user) HttpClient2 send request to API api/checkAccessStatus=>4. Since HttpClient2 is created with HttpClientFactory, it can have same HttpHandler (same CookieContainer). API will see that Request.Cookie["HasAccessed"] is true=> Wrong– tuq
Dec 25 '18 at 4:38