Session cookie is lost after redirecting

[jonasraoni]

Current behavior

Considering a simple:

cy.visit('/');

And the HTTP response below:

HTTP/1.1 302 Found
Host: 127.0.0.1:8080
Date: Sun, 08 Jan 2023 16:07:27 GMT
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: SESSION_ID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Set-Cookie: SESSION_ID=new_cookie_value
Location: next-url
Content-type: text/html; charset=UTF-8

Notice the Set-Cookie, first removing a cookie, then recreating it, and the presence of the Location header

When Cypress goes to the redirected URL, the cookie is lost.

If I remove the Location header from the response and redirect manually with another cy.visit('/next-url'); OR if I drop the first Set-Cookie header (the one which deletes the cookie), then everything works fine.

Desired behavior

I expect Cypress to behave like the browser, which understands the last Set-Cookie should keep/recreate the cookie.

Test code to reproduce

Small sample available above, I might fork the https://github.com/cypress-io/cypress-test-tiny later, but definitely not at this moment.

Cypress Version

12.2.0

Node version

18.11.0

Operating System

Windows 10

Debug Logs

No response

Other

Original report is here: #19800 (comment)

[AtofStryker]

Hey @jonasraoni. Hope you have been well and thank you for opening an issue. Would you be able to help me get a minimum reproduction repository up and running? I don't think it has to be much. Maybe visiting a webpage that sets the session cookies you expect and then run it in the browser vs Cypress? I think you might be able to do that with cypress-test-tiny.

I do wonder if it works without a 302 redirect but the reproduction will help us confirm.

[jonasraoni]

Would you be able to help me get a minimum reproduction repository up and running?

I'll take a look later, for now I'm a bit overloaded to inspect other repos. I just can confirm it happened with another person using another SO/environment.

I do wonder if it works without a 302 redirect but the reproduction will help us confirm

Yes, I wrote about it above, if I drop the Location header, it works fine. Redirecting manually with another cy.visit() also works.

[DobQA]

Im seeing something similar, are you only getting this issue on Chromium based browsers. For myself no issues firefox and Safari, but rest have problem?

[suellenzsoares]

Hello @AtofStryker,
I believe I'm having a similar issue, after be already logged and the tests is executing it just logout.
I really appreciate if you can help me with it once it is blocking our regression tests.

Thank you so much

[mschile]

@jonasraoni, I tried to recreate the issue using this repo but I was unable to reproduce it. Please let me know if I am missing something.

@suellenzsoares, do you have a project that I could look at or can you update this repo to reproduce the issue.

[suellenzsoares]

Hello! Can it be remotely? Because I don't have permission to share the code. Thank you for fast reply!

…

On Fri, Feb 3, 2023, 20:43 Matt Schile ***@***.***> wrote: @jonasraoni <https://github.com/jonasraoni>, I tried to recreate the issue using this repo <https://github.com/mschile/cypress-test-tiny/tree/issue-25495> but I was unable to reproduce it. Please let me know if I am missing something. @suellenzsoares <https://github.com/suellenzsoares>, do you have a project that I could look at or can you update this repo <https://github.com/mschile/cypress-test-tiny/tree/issue-25495> to reproduce the issue. — Reply to this email directly, view it on GitHub <#25495 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQRZL6FNK7FORC4PIP4NUELWVWJ2FANCNFSM6AAAAAAT6ZIWGQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[mschile]

Possibly related to #25205

@jonasraoni, here is potential workaround.

@suellenzsoares, unfortunately, I won't be able to help remotely but please feel free to try the above workaround if it's the same issue. Otherwise, would you be able to recreate your issue with a reproduction repository by forking cypress-test-tiny or by other means?

[denissonp]

Also, it seems like, when the same cookie is recreated after a redirecting, Cypress is keeping both cookies, instead of only keeping the last one created.
At least, this is the behaviour I get. and If I manually delete the old duplicated cookies from the browser, it works just fine.
I'm using Chrome to test, btw.

[suellenzsoares]

I didn't have time yet to try it this week, I'm executing other tests, as soon as I have time I'll try again and let you all know.

…

On Tue, Feb 7, 2023, 12:09 Denisson Paz ***@***.***> wrote: Also, it seems like, when the same cookie is recreated after a redirecting, Cypress is keeping both cookies, instead of only keeping the last one created. At least, this is the behaviour I get. and If I manually delete the old duplicated cookies from the browser, it works just fine. I'm using Chrome to test, btw. — Reply to this email directly, view it on GitHub <#25495 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQRZL6H34YYWMMPQSFYY3BTWWJQQ5ANCNFSM6AAAAAAT6ZIWGQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>