
One-tap login g_state cookie is not parseable on http.cookies SimpleCookie

I'm trying to integrate Google One-Tap login on our website. For the backend, I am using a Tornado server that uses the http library to parse the Cookie header and set it. More info about Tornado cookie handling here. Basically, Google One-Tap login adds this g_state cookie to record the user's status based on how they interact with the One-Tap modal (source), and it's a behavior that we cannot change without altering the functionality of the plugin.

Now for some reason, when I call self.cookies inside the Tornado request handler, it's returning empty even though the Cookie header is set. The cookie header looks like this:

Cookie: g_state={"i_l":0}; token="abcde"

For some reason it didn't parse the cookie header properly. I dug up some of the code that Tornado uses for parsing the cookies, and tried different ways to investigate it:

>>> from http.cookies import SimpleCookie
>>> token = 'g_state={"i_l":0};token="abcde"'
>>> dd = SimpleCookie()
>>> dd.load(token)
>>> dd
<SimpleCookie: >

# now try rearranging g_state to appear after token
>>> token2 = 'token="abcde";g_state={"i_l":0}'
>>> dd = SimpleCookie()
>>> dd.load(token2)
>>> dd
<SimpleCookie: token='abcde'>

# added sample token after it to check if it parses the cookies after g_state
>>> token2 = 'token="abcde";g_state={"i_l":0};other_token="hijkl"'
>>> dd = SimpleCookie()
>>> dd.load(token2)
>>> dd
<SimpleCookie: token='abcde'>

# without it
>>> token3 = 'token="abcde"'
>>> dd = SimpleCookie()
>>> dd.load(token3)
>>> dd
<SimpleCookie: token='abcde'>

So other cookies are still parsed as long as they come before the g_state cookie. Everything after it is not parseable. I tried looking this issue up, and it seems there's an issue in the http.cookies library with parsing curly bracket cookies (source).

Does anyone know how to format the client request to prevent sending the g_state cookie, or at least a way to keep it from affecting the parsing of all the other tokens in the Cookie header? Like maybe rearranging the g_state cookie so it is always put at the end?

Fred asked Oct 27 '25 14:10


1 Answer

A workaround which is working for me: JavaScript deleting the g_state cookie on all of the HTML pages.

<script>document.cookie = "g_state=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";</script>
Octave answered Oct 29 '25 03:10
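A server-side alternative, as an added example that is not part of the original question or answer: parse each cookie pair in its own SimpleCookie so that a value the parser refuses (such as g_state) cannot hide the cookies that follow it, and report which names were refused. The function name parse_cookie_header and the sample headers are assumptions made up for this illustration.

```python
from http.cookies import CookieError, SimpleCookie


def parse_cookie_header(header):
    """Parse every cookie pair separately (hypothetical helper).

    Returns (parsed, rejected): parsed maps name -> decoded value,
    rejected lists the names that SimpleCookie would not accept.
    """
    parsed, rejected = {}, []
    # RFC 6265 does not allow ';' inside a cookie value, so it is used as
    # the pair separator here. SimpleCookie itself tolerates ';' inside a
    # quoted value; this helper deliberately does not.
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        name = chunk.partition("=")[0].strip()
        jar = SimpleCookie()
        try:
            jar.load(chunk)
        except CookieError:
            rejected.append(name)
            continue
        if name in jar:
            parsed[name] = jar[name].value  # quotes already removed
        else:
            # load() stopped without storing anything for this pair
            rejected.append(name)
    return parsed, rejected


# Constructed headers, modelled on the ones shown in the question.
HEADER_FIRST = 'g_state={"i_l":0}; token="abcde"'
HEADER_MIDDLE = 'token="abcde";g_state={"i_l":0};other_token="hijkl"'

if __name__ == "__main__":
    for header in (HEADER_FIRST, HEADER_MIDDLE):
        print(parse_cookie_header(header))
```

In a Tornado handler the raw header can be read with self.request.headers.get("Cookie", "") and passed to this function. Logging the rejected names makes it visible when a session cookie is dropped because of parsing rather than because the client never sent it.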


