Behavior inconsistency with request re: tough-cookie integration

[ScottyMJacobson]

Normally I'd try to dig more for an explanation, but I'm a bit confounded here. I'm doing some cookie construction / management by hand via tough-cookie to maintain sessions for my API calls, and it looks like request and request-promise are giving me two different behaviors, where request works but request-promise does not.

The problematic code is as follows

const request = require('request');
const requestPromise = require('request-promise');
const tough = require('tough-cookie');

let sessionCookie = new tough.Cookie({
    key: "some_key",
    value: "some_value",
    domain: 'api.mydomain.com',
    httpOnly: true,
    maxAge: 31536000
});
let cookiejar = request.jar();
cookiejar.setCookie(sessionCookie, 'https://api.mydomain.com'); // does not throw an error


let sessionCookie2 = new tough.Cookie({
    key: "some_key",
    value: "some_value",
    domain: 'api.mydomain.com',
    httpOnly: true,
    maxAge: 31536000
});
let cookiejar2 = requestPromise.jar();
cookiejar2.setCookie(sessionCookie2, 'https://api.mydomain.com'); // TypeError: str.trim is not a function

Is it just a version/dependency thing? Am I just abusing the concept of cookie jars beyond repair?
From my package.json:

    "request": "^2.81.0",
    "request-promise": "^4.2.0",
    "tough-cookie": "^2.3.2",

I'm leaving the request.jar() patch in for now, but I'd love to know what's going wrong exactly

Thanks in advance,
Scotty

[analog-nico]

Thanks for making it easy for me to reproduce the issue @ScottyMJacobson ! This one haunted me a while back already.

When you use request-promise there are two different Cookie prototypes in play and tough-cookie derails. There is nothing you can do. I am working on a fix inside of request-promise.

[analog-nico]

I just published request-promise@4.2.1 which includes the fix. Thanks again for bringing this up!

[frejus123]

Now I am trying to use request-promise@4.2.1 to generate cookiejar
like let cookiejar2 = requestPromise.jar(); but it still occur this problem,why?

thanks a lot

[analog-nico]

@frejus123 Could you post your code snippet to help me understand your situation?

[analog-nico]

@frejus123 If you use the same code as shown in the README then most likely you have tough-cookie installed multiple times. Please run npm ls tough-cookie to verify that and make sure you have it installed only once.

[frejus123]

@analog-nico
Thanks analog-nico a lot.By using npm ls tough-cookie:

├─┬ request-promise@4.2.1
│ └── tough-cookie@2.3.2 (A)
└── tough-cookie@2.3.2 (B)

I found I really have installed tough-cooke twice,then I delete one tough-cookie marked as (B).
When I run again ,it occur tough is not defined

``

`
var rp = require('request-promise');
var tough = require('tough-cookie');

var cookie = new tough.Cookie({
key: tssKey,
value: tssVal,
//domain: 'localhost',
httpOnly: true,
maxAge: 31536000
});
var cookiejar = rp.jar();
cookiejar.setCookie(cookie, 'http://localhost:8080');
var requestOptions = {
method: 'POST',
uri: 'http://localhost:8080/sss',
body:jsonStr,
headers: {
'content-type': 'application/json;charset=UTF-8'
},

resolveWithFullResponse:

true,
jar: cookiejar
};`

[analog-nico]

@frejus123 If you delete A instead of B then it should work. This then also resembles the packages hierarchy when you do a clean npm install.

[frejus123]

@analog-nico
Thanks a lot, it's resolved. #

[analog-nico]

@frejus123 Excellent. I'll add a note to the README for people who experience the same issue as you just did. Happy coding!

[kapilchokhawala]

I am having the same problem as @ScottyMJacobson I am using exactly same code.

And getting the same error:

TypeError: str.trim is not a function

Any clue, I am using request-promise@4.2.2

My code looks like this:

let cookie = new tough.Cookie({domain: '.companyName.ninja',
  httpOnly: true,
  name: '_application_session',
  path: '/',
  secure: false,
  value: 'f044888d39e2d19126716d9f54028700' })
let cookieJar = request.jar()
cookieJar.setCookie(cookie, 'http://application.companyName.ninja/')
options.jar = cookieJar

[ScottyMJacobson]

Like @kapilchokhawala, I started getting this error again (I'm not sure whether it was triggered by a new version of one of the relevant packages). This time, the error happened even when I used let jar = request.jar(); (which seems to have been the workaround I had found last year, using the non-promise request lib)

The solution over in this request issue thread seemed to have worked, but feels a bit brittle to dig into the internals of request / tough-cookie

            let toughCookieJar = new tough.CookieJar(undefined, {looseMode: true});
            let jar = request.jar();
            jar._jar = toughCookieJar;
            jar.setCookie(cookieObject, endpoints.base);

[mfonsen]

I bumped into this problem, solved by downgrading packages for now:

    "request": "^2.85.0",
    "request-promise": "^4.2.2",
    "tough-cookie": "^2.3.4"

(this was the wrong config, happened to work due to other unrelated things)

[ScottyMJacobson]

@mfonsen after some poking around with versions, it looks like for me as well tough-cookie 2.3.4 (and the others) are the last version that I can get to work

@analog-nico this appears to have broken the unit tests for this lib and requests-promise-native (the lib we're actually using) - let me know if you'd like me to open an issue in that repo as well

[milespoindexter]

I'm also getting the same error msg after upgrading from 2.3.4 to 2.4.2:
TypeError: str.trim is not a function

at Function.parse (node_modules/request/node_modules/tough-cookie/lib/cookie.js:428:13)
      at CookieJar.setCookie (node_modules/request/node_modules/tough-cookie/lib/cookie.js:1004:21)
      at CookieJar.setCookieSync (node_modules/request/node_modules/tough-cookie/lib/cookie.js:1395:18)
      at RequestJar.setCookie (node_modules/request/lib/cookies.js:25:20)

Actually, the problem seems to be in the request pkg. Upgrading request from 2.83.0 to 2.87.0 breaks tough-cookie / jar process. I downgraded request back to 2.83.0 and things are working now.

├─┬ request@2.87.0
│ └── tough-cookie@2.3.4
├─┬ request-promise-native@1.0.5
│ └── tough-cookie@2.3.4  deduped
└── tough-cookie@2.3.4
vs:

├─┬ request@2.83.0
│ └── UNMET DEPENDENCY tough-cookie@~2.3.3
├─┬ request-promise-native@1.0.5
│ └── tough-cookie@2.4.2  deduped
└── tough-cookie@2.4.2

[guillaumegarcia13]

Same here with this

const cookieJar = rp.jar();
const cookie: request.Cookie | string = request.cookie(cookieDetails.toString()) || '';
cookieJar.setCookie(cookie, `https://${ domain }`);

Yet, replacing the last 2 lines with:
cookieJar.setCookie(cookieDetails.toString(), `https://${ domain }`);

seems to solve this. 🤨

[HELLKING66666]

The problem is not solved yet.

---

+-- request@2.83.0
| -- tough-cookie@2.3.4 +-- request-promise@4.2.1 | -- tough-cookie@2.4.2 deduped
`-- tough-cookie@2.4.2

---

The Version Work for me.
"request": "^2.81.0",
"request-promise": "^4.2.1",
"tough-cookie": "2.3.2",

[kapilchokhawala]

Instead of using tough-cookie, I am directly setting cookie in the options/header for the request-promise. It works for me.

[fXy-during]

cookieJar.setCookie(cookie.toString(), https://${ domain });

toString(). It's work for me

[josephgruber]

Clean install, using the exact code from the example, and this still occurs for me

[uct8086]

i just fixed like this:

let cookie = new tough.Cookie({
        key: "key",
        value: value,
        domain: 'http://test.com',
        httpOnly: true,
        maxAge: 31536000
    });
    let cookie_str = cookie.toString();

    cookie_str = cookie_str.replace('Domain=http://test.com;', '');

    let cookiejar = rp.jar();
    cookiejar.setCookie(cookie_str, 'http://test.com');

it worked. ^V^