You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Possible bug: when multiple "cookie" fileds present in Request.headers, instead of separated by ";" under a single "cookie" key, failed to fetch all of them into Request.cookies
#573
Closed
gengjun opened this issue
Dec 18, 2023
· 3 comments
· Fixed by #575
Describe the bug
I see this really odd behavior: when testing my site on my local desktop, without https enabled, I noticed if there're two cookies: one is my session.id, another one is added by a script (such as google analytics) or manually added by hands (google chrome->developer tools -> application -> Cookies), the requests are sent with two cookies under a single cookie key "cookie" when print out req:
I guess this is "correct" behavior since the session can be fetched without problem and works as expected. But when the same thing is tested in production with https enabled, I noticed the two cookies are now in separate keys (yes, the HeaderMap's key is not unique), something like this:
As a result, the session fetched from depot will be None. I think this is the relevant code: request.rs
// Set the request cookies, if they exist.#[cfg(feature = "cookie")]let cookies = ifletSome(header) = headers.get("Cookie"){letmut cookie_jar = CookieJar::new();ifletOk(header) = header.to_str(){for cookie_str in header.split(';').map(|s| s.trim()){ifletOk(cookie) = Cookie::parse_encoded(cookie_str).map(|c| c.into_owned()){
cookie_jar.add_original(cookie);}}}
cookie_jar
}else{CookieJar::new()};
To Reproduce
As described above, I can only reproduce this with acme / https enabled.
Expected behavior
all cookies should be put into Request.cookies, thus session can be fetched from CookieStore as expected.
Desktop (please complete the following information):
OS: ubuntu 22.04.3 LTS
Browser: google chrome
Version: Version 117.0.5938.92 (Official Build) (64-bit)
The text was updated successfully, but these errors were encountered:
Describe the bug
I see this really odd behavior: when testing my site on my local desktop, without https enabled, I noticed if there're two cookies: one is my session.id, another one is added by a script (such as google analytics) or manually added by hands (google chrome->developer tools -> application -> Cookies), the requests are sent with two cookies under a single cookie key "cookie" when print out req:
I guess this is "correct" behavior since the session can be fetched without problem and works as expected. But when the same thing is tested in production with https enabled, I noticed the two cookies are now in separate keys (yes, the HeaderMap's key is not unique), something like this:
If I print out req.cookies(), it only contains the first cookie:
As a result, the session fetched from depot will be None. I think this is the relevant code:
request.rs
To Reproduce
As described above, I can only reproduce this with acme / https enabled.
Expected behavior
all cookies should be put into Request.cookies, thus session can be fetched from CookieStore as expected.
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: