
Really weird Cookie header behaviour? - Cookies

I'm using Firefox 3.6.8 for these tests.

I'm setting a cookie within the response headers of my web app using:

Set-Cookie: session=7878dfdsfjsdf89sd89f8df9

This does not seem to override the session Cookie.


When a request is performed instead Firefox even sends duplicate cookies:

Cookie: session=7d75cd8f55895cbccb0d31ee07c7afc0; 
        session=671e8448a5cebda0442005a186cf69a3; 
        4cb6f2d75c9ffc8916cb55bcbaafecd8

What is going on?? Any ideas would be great!! =)


This is quite disastrous in my case... if someone could explain what's going on it would really help me out!

RadiantHex asked Jan 22 '23 17:01


2 Answers

If you don't specify the path or domain for a cookie when setting it, it defaults to the current path and current hostname. If you then go ahead and try setting the same cookie name from a URL with a different path or hostname, it will add a new cookie instead of replacing the old one.

I suspect what you want to do is just set a cookie with a global path for your site and for your entire domain. So something like this:

Set-Cookie: session=7878dfdsfjsdf89sd89f8df9; path=/; domain=.mysite.com

Marc Novakowski answered Feb 01 '23 02:02


You can delete the previous cookie using the response object.

response.delete_cookie(cookie_key)

The set of cookies is available via the request object in the request.COOKIES dictionary, and you can obtain the key from there.

Since you're using Django, here's how you might do this in the view function:

from django.http import HttpResponse

def my_view(request):
    # do some work and create a response object
    # (some_content stands for whatever the view renders)
    response = HttpResponse(some_content)

    # first delete any previously set cookie named "session"
    if 'session' in request.COOKIES:
        response.delete_cookie('session')

    # set the new cookie
    response.set_cookie('session', '<cookie value goes here>')
    return response

ars answered Feb 01 '23 00:02
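
Added example, not part of either answer above and not browser or Django code: a simplified model of how a browser stores cookies, showing why a Set-Cookie without a path produces the duplicate session values from the question, and why a deletion only works when its path matches the stored cookie. CookieStore, default_path, path_matches and demo are hypothetical names; the model assumes a single host and ignores expiry dates, Secure and HttpOnly.

```python
# Added example: simplified RFC 6265 cookie store, one host; sample values constructed.
def default_path(request_path):
    """Path used when Set-Cookie carries no Path attribute (RFC 6265 5.1.4)."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]

def path_matches(request_path, cookie_path):
    """True if a cookie stored under cookie_path is sent for request_path."""
    if not request_path.startswith(cookie_path):
        return False
    rest = request_path[len(cookie_path):]
    return rest == "" or cookie_path.endswith("/") or rest.startswith("/")

class CookieStore:
    def __init__(self):
        self.cookies = {}  # (name, path) -> value

    def set_cookie(self, request_path, header):
        pair, *rest = [part.strip() for part in header.split(";")]
        name, value = pair.split("=", 1)
        attrs = {}
        for part in filter(None, rest):
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        path = attrs.get("path") or default_path(request_path)
        if attrs.get("max-age") == "0":  # deletion only hits the same key
            self.cookies.pop((name, path), None)
        else:
            self.cookies[(name, path)] = value

    def cookie_header(self, request_path):
        hits = [(p, n, v) for (n, p), v in self.cookies.items()
                if path_matches(request_path, p)]
        hits.sort(key=lambda h: -len(h[0]))  # longer paths are listed first
        return "; ".join(f"{n}={v}" for _, n, v in hits)

def demo():
    jar = CookieStore()
    jar.set_cookie("/app/login", "session=aaa")       # stored under /app
    jar.set_cookie("/app/admin/home", "session=bbb")  # stored under /app/admin
    dup = jar.cookie_header("/app/admin/users")
    jar.set_cookie("/app/admin/home", "session=; Max-Age=0; Path=/")  # no match
    still = jar.cookie_header("/app/admin/users")
    for p in ("/app", "/app/admin"):                  # delete with exact paths
        jar.set_cookie("/", f"session=; Max-Age=0; Path={p}")
    jar.set_cookie("/app/login", "session=ccc; Path=/")
    jar.set_cookie("/app/admin/home", "session=ddd; Path=/")  # replaces ccc
    return dup, still, jar.cookie_header("/app/admin/users")
```

Django's set_cookie and delete_cookie both default to path='/', so clearing a cookie that was stored under another path or domain requires passing the same path and domain to delete_cookie.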