Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BrowserKit] CookieJar can't parse multiple cookies from Set-Cookie #3109

asm89 opened this issue Jan 13, 2012 · 3 comments


None yet
3 participants
Copy link

commented Jan 13, 2012

CookieJar::updateFromResponse() assumes that each Set-Cookie header contains only one cookie:

This is wrong since the following is a valid header defining three cookies (foo=1, bar=2, PHPSESSID=id):
Set-Cookie: foo=1; expires=Fri, 13 Jan 2012 11:04:36 GMT;, bar=2; expires=Fri, 13 Jan 2012 11:04:36 GMT;, PHPSESSID=id; expires=Fri, 13 Jan 2012 11:04:36 GMT

Another error is that this header is parsed to a cookie foo with domain, bar=2.


This comment has been minimized.

Copy link

commented Apr 4, 2012

@fabpot ping


This comment has been minimized.

Copy link

commented Apr 4, 2012

This is non trivial to fix as we must parse the Set-Cookie string chunk by chunk (following the description of a cookie value described here: This is needed as , can be part of a date. Anyone willing to work on this?


This comment has been minimized.

Copy link

commented Apr 7, 2012

Is this related to #3287?

fabpot added a commit that referenced this issue Apr 7, 2012

merged branch jakzal/SetCookieWithMultipleCookiesBugFix (PR #3823)

7f92833 [BrowserKit] Fixed cs.
df3da28 [BrowserKit] Using assertNull instead of assertEquals.
87890d3 [BrowserKit] Fixed CookieJar issue being unable to parse multiple cookies from Set-Cookie.


[BrowserKit] Fixed CookieJar being unable to parse multiple cookies

Fix proposition for #3109

My fix splits value of *Set-Cookie* header by comma. Than it checks each extracted part if it starts with a cookie-name (token). If check is positive cookie is added to the list. Otherwise it's appended to the previous value. First element is always added to the list.

[rfc6265]( defines cookie-name with token:

    cookie-name = token
    token = <token, defined in [RFC2616], Section 2.2>

token is defined in [rfc2616]( as follows:

    token = 1*<any CHAR except CTLs or separators>
    CHAR = <any US-ASCII character (octets 0 - 127)>
    separators = "(" | ")" | "<" | ">" | "@"
                  | "," | ";" | ":" | "\" | <">
                  | "/" | "[" | "]" | "?" | "="
                  | "{" | "}" | SP | HT

That means cookie-name can be built out of following set of characters: *! # $ % & ' * + - . ^ _ ` | ~ 0-9 A-Z a-z*

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes

@fabpot fabpot closed this Apr 7, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.