Set-Cookie header is broken on master branch #1296

Closed
davispuh opened this Issue Nov 15, 2014 · 5 comments

Comments

Projects
None yet
5 participants
@davispuh

When you've multiple cookies, passenger joins them together with a comma but each should be on a new line. This way it was broken with commit ca3edde but I tried some commits before it and set-cookie header was still wrong it returned only last cookie.

Can confirm it with following rack app

class App
  def self.call(env)
    cookies = "firstCookie=cookie_data; path=/\nsecond_cookie=second_cookiedata; path=/"
    [200, { "Set-Cookie" => cookies }, '']
  end
end

run App

On master branch it will return

Set-Cookie: firstCookie=cookie_data; path=/,second_cookie=second_cookiedata; path=/

but on release-4.0.53 tag and stable-4.0 branch is correct behavior

Set-Cookie: firstCookie=cookie_data; path=/
second_cookie=second_cookiedata; path=/
@wideopenspaces

This comment has been minimized.

Show comment
Hide comment
@wideopenspaces

wideopenspaces Dec 11, 2014

I have also noticed some cookies being truncated in 5.0.0beta1 - is this also fixed?

I have also noticed some cookies being truncated in 5.0.0beta1 - is this also fixed?

@FooBarWidget

This comment has been minimized.

Show comment
Hide comment
@FooBarWidget

FooBarWidget Dec 11, 2014

Member

It should be fixed in git master. Could you verify?

Sent from my Android phone.
On Dec 11, 2014 1:53 AM, "Jacob Stetser" notifications@github.com wrote:

I have also noticed some cookies being truncated in 5.0.0beta1 - is this
also fixed?


Reply to this email directly or view it on GitHub
#1296 (comment).

Member

FooBarWidget commented Dec 11, 2014

It should be fixed in git master. Could you verify?

Sent from my Android phone.
On Dec 11, 2014 1:53 AM, "Jacob Stetser" notifications@github.com wrote:

I have also noticed some cookies being truncated in 5.0.0beta1 - is this
also fixed?


Reply to this email directly or view it on GitHub
#1296 (comment).

@distler

This comment has been minimized.

Show comment
Hide comment
@distler

distler Dec 20, 2014

With 5.0.0beta2, I seem to be having the opposite problem. Rather than 1 session cookie, when I POST to an action (/save, in my case), I get two session cookies, one with domain '/' (correct) and one with domain '/save' (incorrect).

distler commented Dec 20, 2014

With 5.0.0beta2, I seem to be having the opposite problem. Rather than 1 session cookie, when I POST to an action (/save, in my case), I get two session cookies, one with domain '/' (correct) and one with domain '/save' (incorrect).

@jensb

This comment has been minimized.

Show comment
Hide comment
@jensb

jensb Dec 20, 2014

I have a similar problem (I don't know if it s related): With Passenger, I get "set-cookie" (lowercase) response headers and the cookies are concatenated using "," (comma) and thus not recognized by the client. With WEBrick ("rails s -p 3001") used in the same app this does not happen, there are multiple "Set-Cookie" (note the mixed case) headers. One symptom of my app is that with Passenger I currently cannot log in.

jensb commented Dec 20, 2014

I have a similar problem (I don't know if it s related): With Passenger, I get "set-cookie" (lowercase) response headers and the cookies are concatenated using "," (comma) and thus not recognized by the client. With WEBrick ("rails s -p 3001") used in the same app this does not happen, there are multiple "Set-Cookie" (note the mixed case) headers. One symptom of my app is that with Passenger I currently cannot log in.

@FooBarWidget

This comment has been minimized.

Show comment
Hide comment
@FooBarWidget

FooBarWidget Dec 22, 2014

Member

These should also be fixed. See issue #1310.

Member

FooBarWidget commented Dec 22, 2014

These should also be fixed. See issue #1310.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment