ClientSession is leaking cookies across hostnames #792
Comments
Yes, the issue describes a very serious bug.

Thanks @panda73111 for your PR. I use aiohttp to crawl half the internet and I could not explain why my outbound traffic was 20x inbound, until I ran tcpdump ;-)

Fixed by Cookie filter #799
Since ClientSession does not link cookies to hostnames, all cookies are sent with every request made using the same session. This leaks cookies across hostnames. Even when using a separate session for each hostname-specific request, the session cookies are sent across HTTP 3xx redirects.
The intuitive fix would be connecting the cookies to their hostname within ClientSession. I'll try to write a patch and test cases if no one has a better idea.
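The leak described in this issue and the host-linking fix it proposes, as an added example (not aiohttp's code and not the patch from #799). `FlatJar`, `HostScopedJar` and `simulate` are hypothetical names, and the hostnames and cookie values are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

class FlatJar:
    """Behaviour the issue describes: one cookie dict shared by all hosts."""
    def __init__(self):
        self.cookies = {}

    def update(self, url, set_cookie):
        for name, morsel in SimpleCookie(set_cookie).items():
            self.cookies[name] = morsel.value

    def filter(self, url):
        return dict(self.cookies)  # sent to every host, redirects included

class HostScopedJar:
    """Hypothetical fix: remember which host (or Domain=) owns each cookie."""
    def __init__(self):
        self.cookies = {}  # (domain, name) -> (value, host_only)

    @staticmethod
    def _match(host, domain):
        return host == domain or host.endswith("." + domain)

    def update(self, url, set_cookie):
        host = urlsplit(url).hostname
        for name, morsel in SimpleCookie(set_cookie).items():
            domain = morsel["domain"].lstrip(".").lower()
            if domain and not self._match(host, domain):
                continue  # a host may not set cookies for an unrelated domain
            # No public-suffix check here; a real jar also needs one.
            self.cookies[(domain or host, name)] = (morsel.value, not domain)

    def filter(self, url):
        host = urlsplit(url).hostname
        return {name: value
                for (domain, name), (value, host_only) in self.cookies.items()
                if (host == domain if host_only else self._match(host, domain))}

def simulate(jar):
    """Constructed flow: log in on one host, then request two other hosts."""
    jar.update("http://shop.example.com/login", "sid=secret; Path=/")
    jar.update("http://shop.example.com/login", "theme=dark; Domain=example.com")
    jar.update("http://shop.example.com/login", "x=1; Domain=example.net")
    return {u: jar.filter(u) for u in ("http://shop.example.com/cart",
                                       "http://api.example.com/v1",
                                       "http://tracker.example.net/landing")}

if __name__ == "__main__":
    for jar in (FlatJar(), HostScopedJar()):
        print(type(jar).__name__, simulate(jar))
```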