aws-lambda-dotnet
aws-lambda-dotnet copied to clipboard
aws
Order of Cookie is getting changed when response is returned from Lambda when set as target against ALB
Describe the bug
In my code I am deleting the cookie before setting the new value for it.
// Code executed on 19th Jan HttpContext.Response.Cookies.Delete("testCookie"); HttpContext.Response.Cookies.Append("testCookie", "test" , option);
Now I should see following in response in browser -
Set-Cookie testCookie=; expires=Thu, 18 Jan 2023 18:33:48 GMT; path=/
Set-Cookie testCookie=test; expires=Thu, 19 Jan 2023 18:33:48 GMT; path=/
This set testCookie to value test and returned in subsequent request.
Above is the behavior of my code when hosted on prem and EKS.
Now when hosted the code in lambda - Now I see following in response in browser -
Set-Cookie testCookie=test; expires=Thu, 19 Jan 2023 18:33:48 GMT; path=/
Set-Cookie testCookie=; expires=Thu, 18 Jan 2023 18:33:48 GMT; path=/
This set testCookie to value empty which is also expired and not returned in subsequent request.
https://github.com/aws/aws-lambda-dotnet/blob/master/Libraries/src/Amazon.Lambda.AspNetCoreServer/ApplicationLoadBalancerFunction.cs#L167
Here we are moving the headers from HeaderDictionary to IDictionary does this modify the order of cookies with same name?
Expected Behavior
I should see the cookie in response header in same order in which they were set.
Current Behavior
Order of cookie is getting changed
Reproduction Steps
Host an API in ALB and set delete the of cookie and then set the same value. You will issue getting reproduced.
Possible Solution
No response
Additional Information/Context
No response
AWS .NET SDK and/or Package version used
Amazon.Lambda.AspNetCoreServer.7.2.0
Targeted .NET Platform
.NET 6
Operating System and version
AmazonLinux - Lambda
@ElectricVampire Thanks for reporting the issue. Could you please share the following:
- Your use case, why not just set the cookie with new value and expiration rather than deleting it first.
- Sample code solution which reproduces the issue, just want to make sure we have consistent repro.
Thanks, Ashish
@ashishdhingra
- Our application is multi layer application and in request/response pipeline there are various component not owned by our team. One of such component clears all the cookies for their own business logic and security concerns. But we are up in the pipeline hence we add the latest value to cookie.
- I created code from Lambda Web API template and just added/deleted cookies in Values controller Get method to reproduce the issue. https://github.com/ElectricVampire/LambdaWebApi.
awselb/2.0 Headers in Browser : (Issue) Set-Cookie testCookie=ABC; Set-Cookie testCookie=; // This will clear the cookie as its after ABC Set-Cookie dummy=abc;
Kestrel Headers in Browser (Expected) Set-Cookie dummy=abc; Set-Cookie testCookie=; Set-Cookie testCookie=ABC;