Many web-apps send cookie in multiple Set-Cookie headers, one header for one cookie. Requests joins this headers in one big header separate by comma.
From same webapp to requests.get
Set-Cookie: ASP.NET_SessionId=token1; path=/; HttpOnly
Set-Cookie: Cookie1=token2; path=/ecp
Set-Cookie: X-BEResource=WIN-RBFR0BDA7V7.testlab.net~1; path=/ecp/15.0.516.30; HttpOnly
Set-Cookie: X-BackEndCookie=token3; expires=Mon, 03-Apr-2017 12:25:07 GMT; path=/ecp; HttpOnly
In requests:
resp.headers this look like
Set-Cookie: ASP.NET_SessionId=token1; path=/; HttpOnly,
Cookie1=token2; path=/ecp,
X-BEResource=WIN-RBFR0BDA7V7.testlab.net~1; path=/ecp/15.0.516.30; HttpOnly,
X-BackEndCookie=token3; expires=Thu, 06-Apr-2017 08:27:22 GMT; path=/ecp; HttpOnly
Firefox, IE, Chrome invalid interpreted this cookies because separater is comma but in field EXPIRES comma separate day and date.
Principal problem in modification traffic. In my opinion then server send multiple headers lib must return multiple headers
Requests makes no promises about leaving headers in the form they are received from the server. Right now, I highly recommend you use the cookiejar Requests uses to store cookies rather than extracting them from the headers: we correctly insert them in there.
Longer term, we should probably add a fix to exclude the Set-Cookie
header from joining in this way.
This has bitten us and cost us quite a few hours. I'd like to vote to leave Set-Cookie
intact. Why does requests fiddle with the headers anyways? Is there some good reason for it? IMHO it only complicates things for everybody. What am I missing?
Thanks for your good work!
Hi, there is a way to parse headers correctly with https://github.com/Ousret/kiss-headers requests
won't be able to change their representation for headers any time soon.
Most helpful comment
Requests makes no promises about leaving headers in the form they are received from the server. Right now, I highly recommend you use the cookiejar Requests uses to store cookies rather than extracting them from the headers: we correctly insert them in there.
Longer term, we should probably add a fix to exclude the
Set-Cookie
header from joining in this way.