New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http: does not handle semicolon-terminated cookie strings very well #52349
Comments
Thanks for the report. Do you know if the relevant specification says anything about this, or is this more related to nuances of the CC @neild. |
Sorry, I didn't find the specification either, it's just that we had a problem with it in our production environment, we were using version 1.16 and found that some of the cookie strings ended in a semicolon and then some of the cookies were lost after appending a new cookie. i looked at the http.Request.AddCookie() implementation and it doesn't start with Instead of removing the extra semicolon first, it goes on to add another one. Has the standard library considered correcting this beforehand to make it conform to the standard before adding a new cookie? |
FYI, here is the spec for the
And
According to the spec, |
In theory, it should indeed be as specified in the draft, but our production environment did encounter a cookie string ending in a semicolon, which caused us problems; I was hoping that the standard library would be compatible with this situation, after all, go 1.16 would simply lose the newly appended cookie, and although subsequent versions have fixed this problem, they have never removed that extra semicolon. |
It is not valid for a Go 1.18's
|
This should also be considered a dup of #38437 |
Ok, thanks for the replies! |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
I tried version 1.18 and it did not solve my problem completely.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
The following code has reproduction problems:
What did you expect to see?
The actual printed results of the demo code:
The result I expect:
Why can't the http.Request.AddCookie() method remove the semicolon at the end and then append the cookie string?
The text was updated successfully, but these errors were encountered: