CookieJar - return 'best-match' and not LIFO

[marq24]

What do these changes do?

The CookieJAR can contain multiple cookies with the identical name (e.g. JSESSIONID) for different paths of the same domain

the filter_cookies have to make sure that the cookie with the best-matching path will be returned. In the current implementation that last matching cookie that was inserted into the JAR will return...

I came across this issue in the situation, that a request to /auth set a SESSION_A, then redirected to / set another (different SESSION_B), redirected me again to /auth where the current implementation returned the SESSION_B for / (instead of the SESSION_A for /auth

I might do things here completely wrong - please excuse - I am far from being a python expert (I consider myself more a newbie)

Tests?

I added an additional test in the cookiejar.py test_path_filter_diff_folder_same_name_return_best_match_independent_from_put_order that fail with the current implementation, but with the change/fix it test is passed

Are there changes in behavior for the user?

IMHO - nope

Related issue number

PRNUM: #7577

Checklist

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES folder
  • name it <issue_id>.<type> for example (588.bugfix)
  • if you don't have an issue_id change it to the pr id after creating the pr
  • ensure type is one of the following:
    • .feature: Signifying a new feature.
    • .bugfix: Signifying a bug fix.
    • .doc: Signifying a documentation improvement.
    • .removal: Signifying a deprecation or removal of public API.
    • .misc: A ticket has been closed, but it is not of interest to users.
  • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

[codecov]

Codecov Report

Merging #7577 (f5ae6da) into master (81c4de1) will increase coverage by 0.09%.
Report is 3 commits behind head on master.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #7577      +/-   ##
==========================================
+ Coverage   97.26%   97.35%   +0.09%     
==========================================
  Files         106      106              
  Lines       31485    31502      +17     
  Branches     2917     3586     +669     
==========================================
+ Hits        30623    30668      +45     
+ Misses        646      630      -16     
+ Partials      216      204      -12     

Flag	Coverage Δ
CI-GHA	97.27% <100.00%> (+0.06%)	⬆️
OS-Linux	96.94% <100.00%> (+0.20%)	⬆️
OS-Windows	95.40% <100.00%> (+<0.01%)	⬆️
OS-macOS	96.60% <100.00%> (?)
Py-3.10.11	95.33% <100.00%> (+<0.01%)	⬆️
Py-3.10.12	?
Py-3.10.13	96.81% <100.00%> (?)
Py-3.11.5	96.51% <100.00%> (?)
Py-3.8.10	95.30% <100.00%> (+<0.01%)	⬆️
Py-3.8.18	96.74% <100.00%> (?)
Py-3.9.13	95.29% <100.00%> (+<0.01%)	⬆️
Py-3.9.17	?
Py-3.9.18	96.77% <100.00%> (?)
Py-pypy7.3.11	96.31% <100.00%> (+<0.01%)	⬆️
VM-macos	96.60% <100.00%> (?)
VM-ubuntu	96.94% <100.00%> (+0.20%)	⬆️
VM-windows	95.40% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
aiohttp/cookiejar.py	98.82% <100.00%> (ø)
tests/test_cookiejar.py	99.15% <100.00%> (+0.04%)	⬆️

... and 10 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[patchback]

Backport to 3.8: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 9c932f7 on top of patchback/backports/3.8/9c932f71ec5a450954cee92ff9450974414ac1d8/pr-7577

Backporting merged PR #7577 into master

1. Ensure you have a local repo clone of your fork. Unless you cloned it
   from the upstream, this would be your origin remote.
2. Make sure you have an upstream repo added as a remote too. In these
   instructions you'll refer to it by the name upstream. If you don't
   have it, here's how you can add it:

   $ git remote add upstream https://github.com/aio-libs/aiohttp.git

3. Ensure you have the latest copy of upstream and prepare a branch
   that will hold the backported code:

   $ git fetch upstream
   $ git checkout -b patchback/backports/3.8/9c932f71ec5a450954cee92ff9450974414ac1d8/pr-7577 upstream/3.8

4. Now, cherry-pick PR CookieJar - return 'best-match' and not LIFO #7577 contents into that branch:

   $ git cherry-pick -x 9c932f71ec5a450954cee92ff9450974414ac1d8

   If it'll yell at you with something like fatal: Commit 9c932f71ec5a450954cee92ff9450974414ac1d8 is a merge but no -m option was given., add -m 1 as follows instead:

   $ git cherry-pick -m1 -x 9c932f71ec5a450954cee92ff9450974414ac1d8

5. At this point, you'll probably encounter some merge conflicts. You must
   resolve them in to preserve the patch from PR CookieJar - return 'best-match' and not LIFO #7577 as close to the
   original as possible.
6. Push this branch to your fork on GitHub:

   $ git push origin patchback/backports/3.8/9c932f71ec5a450954cee92ff9450974414ac1d8/pr-7577

7. Create a PR, ensure that the CI is green. If it's not — update it so that
   the tests and any other checks pass. This is it!
   Now relax and wait for the maintainers to process your pull request
   when they have some cycles to do reviews. Don't worry — they'll tell you if
   any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[patchback]

Backport to 3.9: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 9c932f7 on top of patchback/backports/3.9/9c932f71ec5a450954cee92ff9450974414ac1d8/pr-7577

Backporting merged PR #7577 into master

1. Ensure you have a local repo clone of your fork. Unless you cloned it
   from the upstream, this would be your origin remote.
2. Make sure you have an upstream repo added as a remote too. In these
   instructions you'll refer to it by the name upstream. If you don't
   have it, here's how you can add it:

   $ git remote add upstream https://github.com/aio-libs/aiohttp.git

3. Ensure you have the latest copy of upstream and prepare a branch
   that will hold the backported code:

   $ git fetch upstream
   $ git checkout -b patchback/backports/3.9/9c932f71ec5a450954cee92ff9450974414ac1d8/pr-7577 upstream/3.9

4. Now, cherry-pick PR CookieJar - return 'best-match' and not LIFO #7577 contents into that branch:

   $ git cherry-pick -x 9c932f71ec5a450954cee92ff9450974414ac1d8

   If it'll yell at you with something like fatal: Commit 9c932f71ec5a450954cee92ff9450974414ac1d8 is a merge but no -m option was given., add -m 1 as follows instead:

   $ git cherry-pick -m1 -x 9c932f71ec5a450954cee92ff9450974414ac1d8

5. At this point, you'll probably encounter some merge conflicts. You must
   resolve them in to preserve the patch from PR CookieJar - return 'best-match' and not LIFO #7577 as close to the
   original as possible.
6. Push this branch to your fork on GitHub:

   $ git push origin patchback/backports/3.9/9c932f71ec5a450954cee92ff9450974414ac1d8/pr-7577

7. Create a PR, ensure that the CI is green. If it's not — update it so that
   the tests and any other checks pass. This is it!
   Now relax and wait for the maintainers to process your pull request
   when they have some cycles to do reviews. Don't worry — they'll tell you if
   any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[Dreamsorcerer]

Thanks a lot. I've sorted out the backports, so it'll be in the next release.