Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cookies being set twice with BrowserContext request

See original GitHub issue

The following code:

var configuration = Configuration.Default.WithDefaultLoader().WithCookies();
var cookieProvider = configuration.Services.OfType<ICookieProvider>().First();
cookieProvider.SetCookie("https://subdomain.my-fully-qualified.url", "foo=bar,baz=quux");
var document = await BrowsingContext.New(configuration).OpenAsync("https://subdomain.my-fully-qualified.url/resource");

causes the cookies foo and baz to be set twice in the request to https://subdomain.my-fully-qualified.url/resource.

I’m using AngleSharp 0.9.9 on .NET Core 2.0 (via the official NuGet package).

Is this a bug, and if not, what is the correct way to set cookies on a BrowsingContext request?

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
IanKempcommented, Nov 18, 2017

Okay, first of all my example was incorrect/incomplete: this issue only occurs for requests to subdomains. The example has been updated to reflect what I’m actually doing.

Secondly, this issue is not fixed in devel, but I can tell you how and why it occurs. The bug lies within the RequestState class in DefaultHttpRequester.cs, in particular the constructor call to SetHeaders() followed by SetCookies():

public RequestState(Request request, IDictionary<String, String> headers)
{
    _cookies = new CookieContainer();
    _headers = headers;
    _request = request;
    _http = WebRequest.Create(request.Address) as HttpWebRequest;
    _http.CookieContainer = _cookies;
    _http.Method = request.Method.ToString().ToUpperInvariant();
    _buffer = new Byte[BufferSize];
    SetHeaders(); // including cookies!
    SetCookies(); // cookies again...
    AllowCompression();
    DisableAutoRedirect();
}

SetHeaders() copies all relevant HTTP headers from the AngleSharp.Io.Request object passed into the constructor to the HttpWebRequest to be dispatched… if these headers contain the Cookie header, it will be copied too. Then, SetCookies() runs and explicitly copies only the Cookie header from the AngleSharp.Io.Request into the HttpWebRequest.CookieContainer.

End result, when the HttpWebRequest is actually executed, the cookies from its CookieContainer are merged with the cookies in its Headers - causing the duplication. At first glance this would seem like a bug in HttpWebRequest, but I’d disagree, because that class is a (relatively) low-level object that doesn’t do handholding (or in this case, cookie disambiguation).

It seems to me that the simplest way to fix this would be to alter SetHeaders to explicitly ignore the Cookie header, when copying headers from AngleSharp.Io.Request to HttpWebRequest.

0reactions
FlorianRapplcommented, Nov 20, 2017

Hi @IanKemp - sounds awesome. Yes, please file a bug with them (pointing to this issue). However, since .NET Core 2 is already released we still need to fix it in AngleSharp in my opinion.

Thanks also for your efforts to confirm my guess 🍺. Really nicely done and much appreciated 🥇 !

Read more comments on GitHub >

github_iconTop Results From Across the Web

cookie is adding twice in browser when page is loaded
am guys am checking cookie is exist or not using Spring Handler ... getProperty("cookieName", "No Value Found"); Cookie[] cookies = request.
Read more >
When using double submit cookies as protection against ...
The way a double submit cookie makes it safer is by requiring an anti-csrf token to be sent both as cookie and as...
Read more >
BrowserContext | Playwright Java
Cookies can be obtained via BrowserContext.cookies(). ... setExpires double (optional) ... Script to be evaluated in all pages in the browser context.
Read more >
Setting state using cookies with Puppeteer and Playwright
This article shows how we can use cookies and the Web Storage APIs to set state in our Puppeteer and Playwright scripts, opening...
Read more >
cookies JavaScript and Node.js code examples
browserContext.cookies(); empty(`cookie ${name} to be set`).assert(cookies.filter(c => c.name ... it('should set cookie twice and not set domain when ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Conditional tags are converted to conditional comments (nuget version 0.9.9)

Next page

QuerySelectorAll - performance