Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

set multiple cookies #195

Closed
chapani opened this Issue Apr 14, 2012 · 7 comments

Comments

Projects
None yet
1 participant

chapani commented Apr 14, 2012

Is it possible to set more than one cookie at once? If, yes, how can I do that? thanks!

chapani commented Apr 14, 2012

Here is the snippet:

  {ok, Req2} = cowboy_http_req:set_resp_cookie(
    <<"user_id">>, UserId, [{path, "/"}], Req),
  {ok, Req3} = cowboy_http_req:set_resp_cookie(
    <<"session_id">>, SessionId, [{path, "/"}], Req2),

Only the first one is being set, the other (session_id) isn't set.

I have another question: do I always have to redirect to set cookies or normal 200 response will set cookies?

thanks!

@ghost

ghost commented Apr 15, 2012

Confirmed. If the same header is set with different values only the most recently used header value is included in the response. This contradicts your result, where only the user_id cookie was included in the response, it's still the same bug though. It's easy to reproduce by inspecting the response sent from this minimal server.

#!/usr/bin/env escript
%%! -pa ebin
-mode(compile).
-export([main/1, init/3, handle/2, terminate/2]).

main(_) ->
    ok = application:start(sasl),
    ok = application:start(cowboy),
    {ok, _} = cowboy:start_listener(?MODULE, 10,
        cowboy_tcp_transport, [{port, 8080}],
        cowboy_http_protocol, [{dispatch, [{'_', [{'_', ?MODULE, []}]}]}]),
    io:format("http://localhost:8080/~n", []),
    receive _ -> stop end.

init({_, http}, Req, _Opts) ->
    {'GET', Req2} = cowboy_http_req:method(Req),
    {ok, Req2, undefined}.

handle(Req, State) ->
    {ok, Req2} = cowboy_http_req:set_resp_cookie(
        <<"cookie1">>, <<"value1">>, [{path, "/"}], Req),
    {ok, Req3} = cowboy_http_req:set_resp_cookie(
        <<"cookie2">>, <<"value2">>, [{path, "/"}], Req2),
    {ok, Req4} = cowboy_http_req:reply(200, [], <<"Setting Cookies">>, Req3),
    {ok, Req4, State}.

terminate(_Req, _State) ->
    ignore.
@ghost

ghost commented Apr 15, 2012

The culprit here is the merge_headers function in the cowboy_http_req module. We might want to handle Set-Cookie headers differently.

https://github.com/extend/cowboy/blob/master/src/cowboy_http_req.erl#L834

chapani commented Apr 15, 2012

thanks, @klaar,

My last two issues weren't cowboy issues, and today I was about to close this issue as well. While researching the problem I came across this google doc which talks about cookies:

http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies

According to it, multiple cookies are not supported by all browsers. As I understood, even if Cowboy supports multiple cookie setting, it may not be compatible with browsers. I might be wrong.

The only solution that came to my mind is to set something like that: MyCookie = "data1&data2&data3...dataN" and parse it by separator.

Thanks again for your support!
-- buriwoy

@ghost

ghost commented Apr 15, 2012

@buriwoy it's not clear whether this behavior is intended or not.

Pinging @bfrog who ported the mochiweb_cookies module to cowboy.

chapani commented Apr 17, 2012

thank you guys!

@chapani chapani closed this Apr 17, 2012

@ghost

ghost commented Apr 17, 2012

@bfrog Thanks for riding shotgun on this issue :)

@bfrog bfrog added a commit to treetopllc/cowboy that referenced this issue Oct 17, 2012

@josevalim @bfrog josevalim + bfrog Do not remove duplicated Set-Cookie entries
This commit closes #195, closes #199, closes #246.
8a6daf0

@bfrog bfrog added a commit to treetopllc/cowboy that referenced this issue Nov 26, 2012

@josevalim @bfrog josevalim + bfrog Do not remove duplicated Set-Cookie entries
This commit closes #195, closes #199, closes #246.
7028577
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment