Cypress reuses a stale cookie
Current behavior
See below
Desired behavior
No response
Test code to reproduce
See below
Cypress Version
https://github.com/cypress-io/cypress/commit/38a65a6d7c04dff8e5663d9fee1b7df1b5828fb4#comments
Node version
v16.13.0
Operating System
macOS 13.1 (22C65)
Debug Logs
No response
Other
Note
This issue was originally discussed in https://github.com/cypress-io/cypress/pull/25761 so this issue description can be a bit confusing.
I am opening a new issue as requested by @AtofStryker in https://github.com/cypress-io/cypress/pull/25761#issuecomment-1430256501:
Also, would you be willing to open a separate issue for this outside of #25174 since I think the cause of your problem might actually be unrelated?
I took the version in https://github.com/cypress-io/cypress/commit/38a65a6d7c04dff8e5663d9fee1b7df1b5828fb4#comments for a spin and that doesn't yet seem to resolve my original issue. However I can no longer see duplicated cookies prepended with a dot (as in #25174) so I'll have to dig deeper into figuring out what could cause the error I'm seeing in https://github.com/cypress-io/cypress/issues/25174#issuecomment-1372238119
I'd be more than happy to debug further if there's parts that would help figure out what's going wrong here. Anything that could provide you more insight onto this particular case is appreciated.
The application code under test is mostly doing this:
- click the "send reply button"
- Triggers an AJAX query with jQuery.ajax
- Once AJAX request is done, does document.location.reload(true)
- After reload, the UI should contain the flash message that uses the cookie server set during the AJAX request
With Cypress v11.2.0


The exported HAR file from Google Chrome's Network inspector: test.venuu.fi-cypress-11.2.har.zip
With this PR


The exported HAR file from Google Chrome's Network inspector: test.venuu.fi-cypress-12.x.har.zip
Originally posted by @valscion in https://github.com/cypress-io/cypress/issues/25761#issuecomment-1425636122
@valscion thank you for taking a look at this! I was going to update today since I was out, but you beat me to it. I am going to take a look and see what might be causing your issue here. Possibly a cookie getting overwritten? I should have an update soon!
Originally posted by @AtofStryker in https://github.com/cypress-io/cypress/issues/25761#issuecomment-1428096164
@valscion Just from looking at the screenshots, the cookies being sent look correct? Are you able to verify if cookies are being doubled up in the request with DEBUG=cypress-verbose:proxy:http enabled and seeing the cookies attached in the requests with the "cookies being sent with request" log?
Originally posted by @AtofStryker in https://github.com/cypress-io/cypress/issues/25761#issuecomment-1428376273
Here's the full STDERR output (using the build from commit c1d8360dbbd8853bcb7c43276351a5c5fc6cfb3a) from running with DEBUG=cypress-verbose:proxy:http: https://gist.github.com/valscion/8c05b57d24102f42ed5931e51c463439
I noticed these parts from the logs that look suspicious to me (formatted the JS objects output for easier reading):
2023-02-14T07:30:30.493Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingRequest proxying request
{
req: {
method: "POST",
proxiedUrl:
"http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456db22cac/messages",
headers: {
host: "test.venuu.fi:3010",
"proxy-connection": "keep-alive",
"content-length": "851",
accept: "application/json, text/javascript, */*; q=0.01",
"content-type":
"multipart/form-data; boundary=----WebKitFormBoundary7BgtAJBYCqpeBJb2",
cookie:
"_venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI3Ljc5NloiLCJwdXIiOm51bGx9fQ%3D%3D--75083b7fa8c13d1c917741ec296865022db46112",
origin: "http://test.venuu.fi:3010",
"user-agent":
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
"x-requested-with": "XMLHttpRequest",
"x-cypress-is-xhr-or-fetch": "xhr",
referer:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
"accept-encoding": "gzip, deflate",
"accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
},
},
}
2023-02-14T07:30:30.493Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingRequest found x-cypress-is-xhr-or-fetch header. Deleting x-cypress-is-xhr-or-fetch header.
2023-02-14T07:30:30.493Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingRequest waiting for prerequest
2023-02-14T07:30:30.649Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingResponse received response
{
req: {
method: "POST",
proxiedUrl:
"http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456db22cac/messages",
headers: {
host: "test.venuu.fi:3010",
"proxy-connection": "keep-alive",
"content-length": "851",
accept: "application/json, text/javascript, */*; q=0.01",
"content-type":
"multipart/form-data; boundary=----WebKitFormBoundary7BgtAJBYCqpeBJb2",
cookie:
"_venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI3Ljc5NloiLCJwdXIiOm51bGx9fQ%3D%3D--75083b7fa8c13d1c917741ec296865022db46112",
origin: "http://test.venuu.fi:3010",
"user-agent":
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
"x-requested-with": "XMLHttpRequest",
referer:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
"accept-encoding": "gzip",
"accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
},
},
incomingRes: {
headers: {
"x-frame-options": "SAMEORIGIN",
"x-xss-protection": "1; mode=block",
"x-content-type-options": "nosniff",
"x-download-options": "noopen",
"x-permitted-cross-domain-policies": "none",
"referrer-policy": "strict-origin-when-cross-origin",
"cache-control": "no-cache",
"set-cookie": [Array],
"x-request-id": "7bc241d9-08d0-442f-9b60-8e6f8b0bd62c",
"x-runtime": "0.129650",
},
statusCode: 204,
},
}
2023-02-14T07:30:30.650Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingResponse determine injection
2023-02-14T07:30:30.650Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingResponse - no injection (not html)
2023-02-14T07:30:30.650Z cypress-verbose:proxy:http POST http://test.venuu.fi:3010/admin/catering_inquiries/43d7cb56-d927-4dc7-b2ae-9e456... IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false }
2023-02-14T07:30:30.663Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest proxying request
{
req: {
method: "GET",
proxiedUrl:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
headers: {
host: "test.venuu.fi:3010",
"proxy-connection": "keep-alive",
"cache-control": "max-age=0",
accept:
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
cookie:
"_venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjMwLjYwMVoiLCJwdXIiOm51bGx9fQ%3D%3D--3c22d37cc6095f39ccd750dfaf8857adb9415762; _venuu_flash=IntcImRpc2NhcmRcIjpbXSxcImZsYXNoZXNcIjp7XCJfcmVwbHlfc2VudFwiOntcIm5hbWVcIjpcIkpvaG4gRG9lXCIsXCJlbWFpbFwiOlwiam9obi5kb2VAZXhhbXBsZS5jb21cIn19fSI%3D--465b441a893b80fbe1b91ab62bbb00cbc8bfb698; __cypress.initial=true",
"upgrade-insecure-requests": "1",
"user-agent":
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
"x-cypress-is-aut-frame": "true",
referer:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
"accept-encoding": "gzip, deflate",
"accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
},
},
}
2023-02-14T07:30:30.663Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest should cookies be attached to request?: true
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest existing cookies on request from cookie jar: _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI1LjY4MFoiLCJwdXIiOm51bGx9fQ%3D%3D--1c0cbe7da70d734384a8db72bb0a423221026f6f; Expires=Mon, 14 Aug 2023 07:30:25 GMT; Path=/; SameSite=Lax; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; Expires=Fri, 14 Feb 2025 07:30:25 GMT; Path=/; SameSite=Lax; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; Path=/; SameSite=Lax
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest add cookies to request from header: _venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjMwLjYwMVoiLCJwdXIiOm51bGx9fQ%3D%3D--3c22d37cc6095f39ccd750dfaf8857adb9415762; _venuu_flash=IntcImRpc2NhcmRcIjpbXSxcImZsYXNoZXNcIjp7XCJfcmVwbHlfc2VudFwiOntcIm5hbWVcIjpcIkpvaG4gRG9lXCIsXCJlbWFpbFwiOlwiam9obi5kb2VAZXhhbXBsZS5jb21cIn19fSI%3D--465b441a893b80fbe1b91ab62bbb00cbc8bfb698; __cypress.initial=true
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest cookies being sent with request: _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI1LjY4MFoiLCJwdXIiOm51bGx9fQ%3D%3D--1c0cbe7da70d734384a8db72bb0a423221026f6f; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; _venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; __cypress.initial=true
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest waiting for prerequest
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest Incoming request GET-http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5 matches known pre-request:
{
browserPreRequest: {
requestId: "38E779180BE834F055D1E00804BFFF0B",
method: "GET",
url: "http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
headers: {
Referer:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
"Upgrade-Insecure-Requests": "1",
"User-Agent":
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
},
resourceType: "other",
originalResourceType: "Document",
},
timestamp: 1676359830660,
}
2023-02-14T07:30:30.858Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse determine injection
2023-02-14T07:30:30.859Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse - full injection
2023-02-14T07:30:30.859Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse injection levels: { isInitial: true, wantsInjection: 'full', wantsSecurityRemoved: true }
2023-02-14T07:30:30.861Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse injecting into HTML
2023-02-14T07:30:30.861Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse ensuring resStream is plaintext
2023-02-14T07:30:30.861Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse gunzipping response body
2023-02-14T07:30:30.862Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse inferred charset from response { httpCharset: 'utf8' }
2023-02-14T07:30:30.863Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingResponse regzipping response body
And more specifically this one:
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest cookies being sent with request: _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI1LjY4MFoiLCJwdXIiOm51bGx9fQ%3D%3D--1c0cbe7da70d734384a8db72bb0a423221026f6f; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; _venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; __cypress.initial=true
It appears that it's sending _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; while the earlier line used a much much longer _venuu_flash value here:
2023-02-14T07:30:30.663Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest proxying request
{
req: {
method: "GET",
proxiedUrl:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
headers: {
host: "test.venuu.fi:3010",
"proxy-connection": "keep-alive",
"cache-control": "max-age=0",
accept:
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
cookie:
"_venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjMwLjYwMVoiLCJwdXIiOm51bGx9fQ%3D%3D--3c22d37cc6095f39ccd750dfaf8857adb9415762; _venuu_flash=IntcImRpc2NhcmRcIjpbXSxcImZsYXNoZXNcIjp7XCJfcmVwbHlfc2VudFwiOntcIm5hbWVcIjpcIkpvaG4gRG9lXCIsXCJlbWFpbFwiOlwiam9obi5kb2VAZXhhbXBsZS5jb21cIn19fSI%3D--465b441a893b80fbe1b91ab62bbb00cbc8bfb698; __cypress.initial=true",
"upgrade-insecure-requests": "1",
"user-agent":
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
"x-cypress-is-aut-frame": "true",
referer:
"http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5",
"accept-encoding": "gzip, deflate",
"accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
},
},
}
That is, the cookie value should've been:
_venuu_flash=IntcImRpc2NhcmRcIjpbXSxcImZsYXNoZXNcIjp7XCJfcmVwbHlfc2VudFwiOntcIm5hbWVcIjpcIkpvaG4gRG9lXCIsXCJlbWFpbFwiOlwiam9obi5kb2VAZXhhbXBsZS5jb21cIn19fSI%3D--465b441a893b80fbe1b91ab62bbb00cbc8bfb698;
Originally posted by @valscion in https://github.com/cypress-io/cypress/issues/25761#issuecomment-1429274980
Thank you for sending that over @valscion
I think I can see what is going on here. I looked at the gist you provided and right along this line I noticed something.
2023-02-14T07:30:30.663Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5', headers: { host: 'test.venuu.fi:3010', 'proxy-connection': 'keep-alive', 'cache-control': 'max-age=0', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', cookie: '_venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjMwLjYwMVoiLCJwdXIiOm51bGx9fQ%3D%3D--3c22d37cc6095f39ccd750dfaf8857adb9415762; _venuu_flash=IntcImRpc2NhcmRcIjpbXSxcImZsYXNoZXNcIjp7XCJfcmVwbHlfc2VudFwiOntcIm5hbWVcIjpcIkpvaG4gRG9lXCIsXCJlbWFpbFwiOlwiam9obi5kb2VAZXhhbXBsZS5jb21cIn19fSI%3D--465b441a893b80fbe1b91ab62bbb00cbc8bfb698; __cypress.initial=true', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36', 'x-cypress-is-aut-frame': 'true', referer: 'http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?auth=c4943930b82d2049769b8eefd7ffcfb27cfd9a89e7f934f5', 'accept-encoding': 'gzip, deflate', 'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8' } } }
2023-02-14T07:30:30.663Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest should cookies be attached to request?: true
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest existing cookies on request from cookie jar: _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI1LjY4MFoiLCJwdXIiOm51bGx9fQ%3D%3D--1c0cbe7da70d734384a8db72bb0a423221026f6f; Expires=Mon, 14 Aug 2023 07:30:25 GMT; Path=/; SameSite=Lax; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; Expires=Fri, 14 Feb 2025 07:30:25 GMT; Path=/; SameSite=Lax; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; Path=/; SameSite=Lax
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest add cookies to request from header: _venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjMwLjYwMVoiLCJwdXIiOm51bGx9fQ%3D%3D--3c22d37cc6095f39ccd750dfaf8857adb9415762; _venuu_flash=IntcImRpc2NhcmRcIjpbXSxcImZsYXNoZXNcIjp7XCJfcmVwbHlfc2VudFwiOntcIm5hbWVcIjpcIkpvaG4gRG9lXCIsXCJlbWFpbFwiOlwiam9obi5kb2VAZXhhbXBsZS5jb21cIn19fSI%3D--465b441a893b80fbe1b91ab62bbb00cbc8bfb698; __cypress.initial=true
2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET http://test.venuu.fi:3010/admin/kyselyt/c-43d7cb56-d927-4dc7-b2ae-9e456db22cac?a... IncomingRequest cookies being sent with request: _csrf_token=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltbzRVV1E0TkRGMmRtOVhka3BSVURkNmRrNVBXRlpTYmtSamFUbDVObEpIVWpJcmRuRnlZbGcyTTFVOUlnPT0iLCJleHAiOiIyMDIzLTA4LTE0VDA3OjMwOjI1LjY4MFoiLCJwdXIiOm51bGx9fQ%3D%3D--1c0cbe7da70d734384a8db72bb0a423221026f6f; cheekify_uid=aacf2693-c006-5a05-a446-a8d4570a9bf5; _venuu_flash=Im51bGwi--a3a459402d346d78f3660d86828309d06cc095ce; _venuu_session_id=7bed991bcafb0c91e358c29c469b00ae; visitor_uuid=ImE3MTQ1M2Y3LWViZjQtNGUxMS04MjM4LWY4NTBlMmIwZWJhMCI%3D--41ca8b8449c42e5a7c030ffe526dff4cef83aca6; cheekify_a=8c0324f1-fd7a-43aa-9e58-7821c687f4a9; ajs_anonymous_id=%228c0324f1-fd7a-43aa-9e58-7821c687f4a9%22; __cypress.initial=true
From what I can see, this request and a few others, are making Document requests to the main server, which is telling the server side cookie jar that cookies should be simulated since we might need to simulate the navigation. The problem is the initial cookie that is set is stored in the cookie jar, but isn't updated because it doesn't fit the simulation criteria. Then, when this request is sent through, the cookie jar overwrites the cookies sent in the request with stale cookie values, which is what we are seeing in these logs.
Unfortunately, I think this issue might be out of scope for this PR, but I am trying to think of ways we might be able to solve it.
- We need a way for the server side cookie jar to be in sync with what is in the browser. Right now, we sync values set in the jar down to the browser and CDP, but we don't sync them back up. So if something doesn't fit the criteria for the simulated jar, the jar becomes stale. We can fix this by syncing back up if a value were to change (most accurate), or by capturing cookies in the server jar on every request. I don't think we can rely on sec-fetch-mode or other types of metadata unfortunately.
To help confirm this is the case, are you able to try this binary? The windows binaries did not build for this job, but this commit might be a good start to rule out if this is the issue since we don't have a reprod for this particular thing. If you need a windows binary, let me know!
Also, would you be willing to open a separate issue for this outside of #25174 since I think the cause of your problem might actually be unrelated?
Originally posted by @AtofStryker in https://github.com/cypress-io/cypress/issues/25761#issuecomment-1430256501
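A way to spot the overwrite described above in a `DEBUG=cypress-verbose:proxy:http` capture, as an added example that is not part of the thread or of Cypress's code: it pairs the three log messages quoted in the logs above per request and reports every cookie whose jar value differs from the browser's header value while the jar value is the one sent. The sample log lines, host name and cookie values are constructed; the function names are hypothetical.

```javascript
// Added example (not Cypress code). Message prefixes are the ones shown in the thread's logs.
const MARKERS = {
  jar: 'existing cookies on request from cookie jar: ',
  header: 'add cookies to request from header: ',
  sent: 'cookies being sent with request: ',
};

// The jar message prints Set-Cookie style strings, so attributes are mixed in with cookies.
// Heuristic: a cookie that is literally named like an attribute would be skipped.
const ATTRIBUTES = new Set(['expires', 'path', 'samesite', 'domain', 'max-age', 'secure', 'httponly']);

// "<timestamp> cypress-verbose:proxy:http <METHOD> <truncated url> IncomingRequest <message>"
const LINE_RE = /^\S+ cypress-verbose:proxy:http (\S+) (\S+) IncomingRequest (.*)$/;

function parseCookies(text) {
  const cookies = new Map();
  for (const part of text.split(';')) {
    const piece = part.trim();
    const eq = piece.indexOf('=');
    if (eq <= 0) continue; // flag-only attribute or empty piece
    const name = piece.slice(0, eq);
    if (ATTRIBUTES.has(name.toLowerCase())) continue;
    cookies.set(name, piece.slice(eq + 1)); // value may itself contain '='
  }
  return cookies;
}

function findStaleCookies(logText) {
  const pending = new Map(); // "METHOD url" -> { jar, header }, since requests can interleave
  const findings = [];
  for (const rawLine of logText.split('\n')) {
    const m = LINE_RE.exec(rawLine.trim());
    if (!m) continue;
    const [, method, url, message] = m;
    const kind = Object.keys(MARKERS).find((k) => message.startsWith(MARKERS[k]));
    if (!kind) continue;
    const key = `${method} ${url}`;
    const cookies = parseCookies(message.slice(MARKERS[kind].length));
    if (kind !== 'sent') {
      const entry = pending.get(key) || {};
      entry[kind] = cookies;
      pending.set(key, entry);
      continue;
    }
    const { jar = new Map(), header = new Map() } = pending.get(key) || {};
    pending.delete(key);
    for (const [name, sentValue] of cookies) {
      const jarValue = jar.get(name);
      const headerValue = header.get(name);
      if (jarValue === undefined || headerValue === undefined) continue;
      // Stale override: browser and jar disagree, and the jar's value went out.
      if (jarValue !== headerValue && sentValue === jarValue) {
        findings.push({ request: key, name, sent: sentValue, fromBrowser: headerValue });
      }
    }
  }
  return findings;
}

// Constructed sample: the first request reproduces the pattern from the thread,
// the second is a request where jar and browser agree.
const PREFIX = '2023-02-14T07:30:30.664Z cypress-verbose:proxy:http GET';
const SAMPLE_LOG = [
  `${PREFIX} http://app.example.test/inbox?a... IncomingRequest should cookies be attached to request?: true`,
  `${PREFIX} http://app.example.test/inbox?a... IncomingRequest ${MARKERS.jar}_csrf_token=old-csrf; Expires=Mon, 14 Aug 2023 07:30:25 GMT; Path=/; SameSite=Lax; cheekify_uid=uid-1; Expires=Fri, 14 Feb 2025 07:30:25 GMT; Path=/; SameSite=Lax; _venuu_flash=empty-flash; Path=/; SameSite=Lax`,
  `${PREFIX} http://app.example.test/inbox?a... IncomingRequest ${MARKERS.header}_venuu_session_id=sess-1; cheekify_uid=uid-1; _csrf_token=new-csrf; _venuu_flash=reply-sent-flash; __cypress.initial=true`,
  `${PREFIX} http://app.example.test/inbox?a... IncomingRequest ${MARKERS.sent}_csrf_token=old-csrf; cheekify_uid=uid-1; _venuu_flash=empty-flash; _venuu_session_id=sess-1; __cypress.initial=true`,
  `${PREFIX} http://app.example.test/about IncomingRequest ${MARKERS.jar}cheekify_uid=uid-1; Path=/; SameSite=Lax`,
  `${PREFIX} http://app.example.test/about IncomingRequest ${MARKERS.header}cheekify_uid=uid-1; _venuu_session_id=sess-1`,
  `${PREFIX} http://app.example.test/about IncomingRequest ${MARKERS.sent}cheekify_uid=uid-1; _venuu_session_id=sess-1`,
].join('\n');

console.log(JSON.stringify(findStaleCookies(SAMPLE_LOG), null, 2));
```

On the sample it reports `_csrf_token` and `_venuu_flash` for the first request and nothing for the second.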
Here's the rerun logs using https://github.com/cypress-io/cypress/commit/d44b2022c37669c42359fcb5c7918dab62682314#comments binary as you asked @AtofStryker:
https://gist.github.com/valscion/842d6f893d43e5698d57d64d44f2c74d
The error still remains.
Let me know if I can help with this case in any way.
@valscion thank you for moving this over into its own issue. I'm surprised the binary didn't really have an impact as I would think it would take the newer cookie over the stale value in the jar before sending the request out.
You have already provided a lot with a reproduction for the prepended dot issue, but would you also be able to get a small reproduction up and running for this issue? I might be able to debug the issue a bit faster and see if the solution I think might work will help us out here.
would you also be able to get a small reproduction up and running for this issue?
Eesh, I can try — I was quite surprised to see that the reproduction I made with the prepended dot issue didn't show this issue as I tried to make it so 😅
I'll try to create a reproduction as I know fixing this issue without one will be next to impossible.
I'll try to create a reproduction as I know fixing this issue without one will be next to impossible.
@valscion I think it will be tough, but I think I have an idea what is going on here, especially from the logs. What I can try to do is try to get a fix together for what I think might fix the issue and build a binary for it.
The problem is the fix might be fairly involved, likely more so than the prepended dot work. I have some other things I need to get through but I am hoping I can start trying something by Friday?
@AtofStryker I managed to create a reproduction after a few hours of headbanging! :tada:
Here: https://github.com/valscion/cypress-stale-cookie-issue-reproduction
- The main branch has v12.6.0 which is failing. Screenshots and video here:
- https://github.com/valscion/cypress-stale-cookie-issue-reproduction/issues/3
- The same specs pass with v11.2.0:
- https://github.com/valscion/cypress-stale-cookie-issue-reproduction/pull/1
- The binary from https://github.com/cypress-io/cypress/commit/86a8cd83792a046146bb43d869f8812dd0fc800c is failing as expected:
- https://github.com/valscion/cypress-stale-cookie-issue-reproduction/pull/2
Let me know if there's anything more to this that you'd need ☺️. I've verified that this same issue appears also when doing XHR requests with jQuery, but I figured the reproduction is simpler if I just use the global fetch() instead.
@valscion awesome this should work! I need to figure out a way to run it since I have some permissions issues updating gem on my mac that are out of my control, and my linux machine is currently bricked 🙁 . I should be able to repartition my ubuntu install and get this up and running.
Oh damn. I can take a quick look if I can get this reproduction to run the Rails server inside Docker and update if I can't make it happen.
I think you should be OK with not upgrading your system gem in any way if you install the rbenv and configure that properly. That way gem comes from rbenv, not from your system Ruby.
Ok there's now a way to boot the Rails test server with Docker:
docker-compose --project-name=cypress-stale-cookie-repro up --build
Let me know if that works for you ☺️
@valscion docker-compose worked great! I was able to reproduce the issue and verify the actual behavior in the browser. Hoping to be able to investigate soon.
I updated the reproduction repository to v12.7.0 and posted the logs, screenshots and videos of failed test runs in this issue:
- https://github.com/valscion/cypress-stale-cookie-issue-reproduction/issues/3
@valscion awesome. I am hoping to take a deeper dive soon to figure out what the problem is.
I have the same issue as well and can verify my logs match what is shown. I also turned on cookie debug and noticed there was a difference in the sameSite attribute for these cookies when they were being set by Cypress. The old cookie has sameSite:"lax" and the new cookie has sameSite:"unspecified". In the browser I'm not sure if that helps or hurts but that is the only obvious difference between the two that I can see on the front end. In the dev tools for the Chrome browser there isn't a value shown for sameSite
The old cookie has sameSite:"lax" and the new cookie has sameSite:"unspecified".
That appears slightly different to what's happening in here. Maybe it's worth it to open a new issue about your issue @o3-steven and provide all the necessary issue details to triage that case?
I have the same issue, with pretty much the same setup: I do a login via an AJAX request, which sets new cookies. Afterwards the page is reloaded, but this page reload sends the old cookies, instead of the new ones.
This first starts happening with Cypress 10.10.0 and persists up to Cypress 12.11.0, whereas Cypress 10.9.0 worked fine. The changelog for 10.10.0 mentions the following, so it might be related to one of the mentioned issues:
More accurately send/set cookies in cy.origin() when experimentalSessionAndOrigin is enabled. Addresses #23551, #22670, and #23603.
Has anyone found a workaround for this issue? My team is actively trying to upgrade to v12 but is blocked by this issue.
We're still blocked by this at least. I would help with this if I could but it seems the amount of context one needs to have to solve this is quite high.
I'd also be happy to hear about workarounds.
I'm not sure if this is related but using latest Cypress and has caused some headache for our automation scripts with cookies, a developer had to help us resolve
"Basically the problem why this needs added is Cypress is adding a cookie value to the Request Headers of Platform requests, which is falling over and causing a stack trace issue" :-(
@DobQA do you know what version you were on and what you upgraded to?
@DobQA do you know what version you were on and what you upgraded to?
Latest version / Angular 14 webpage.
I had to do a workaround like below:
cy.intercept('POST', '*', (req) => { delete req.headers['Cookie']; delete req.headers['cookie']; });
@DobQA do you know what version you were on and what you upgraded to?
Latest version / Angular 14 webpage.
I had to do a workaround like below:
cy.intercept('POST', '*', (req) => { delete req.headers['Cookie']; delete req.headers['cookie']; });
OK just for historical context that should be 12.12.0 in case we are looking at this in the future.
If it helps, we're seeing this in our codebase and have it isolated. I'd be happy to jump on a video call, but creating a repro from our app/stack would be challenging.
Our logic goes:
- When the user logs in (via a GraphQL API), the API response sets an auth cookie.
- After the API response, frontend navigates to a URL that routes conditionally based on the auth token cookie being present (which is absent in Cypress 12, but works fine in 11)
- Routing is wrong due to lack of cookie and tests break, making it rough to upgrade to Cypress 12
In my Cypress test, this is what I see (which is surprising and hopefully helpful). cy.getCookies() vs document.cookie are showing different things. The correct cookies are on window.parent.document.cookie,
// login via API
cy.getCookies().then((cookies) => {
  console.log(cookies) // <-- Cookie is present via cy.getCookies()
})
cy.document().then((document) => {
  console.log(document.cookie) // <-- Cookie is NOT present on document, which breaks our app
  console.log(window.parent.document.cookie) // <-- Cookie is present on Cypress host window
})
In my Cypress test, this is what I see (which is surprising and hopefully helpful). cy.getCookies() vs document.cookie are showing different things. The correct cookies are on window.parent.document.cookie,
This also looks like a different issue than the one this issue is about. Could you create a new issue and fill in all the issue template questions there?
I have updated the reproduction repository to Cypress v12.13.0 and here's the logs: https://github.com/valscion/cypress-stale-cookie-issue-reproduction/issues/3#issuecomment-1571732289
My apologies, I realized this morning that I was using the new cy.origin stuff wrong. For anyone else that lands here:
Our webapp is an oauth provider, so we have tests that start (via cy.visit) on a test site, then they click a button to navigate to our app. Since the initial cy.visit() was not to our app site, Cy 12 wasn't putting server-set cookies in our app's cookie jar.
The fix was:
cy.visit('appurl') // make an initial visit to your app to set it as the "top"
cy.origin('partner site url', () => {
  cy.visit('partner site url')
  cy.get('oauth signup button').click()
})
cy.url().should('contain', 'appurl')
// back on app site, do other stuff with your cookies intact
I did want to check in and say we haven't forgotten about this issue. The team is currently occupied on other issues, but I am hoping we can get to a fix in the near future!
Hey @AtofStryker we just ran into another issue with #27216. We are going to downgrade fastglob so that we can work around this and still use grep but issues like these and not being able to upgrade cypress are going to slowly put us in a bad spot.
Reproduction repository has been updated to Cypress v12.17.3 and the failure logs are here: https://github.com/valscion/cypress-stale-cookie-issue-reproduction/issues/3#issuecomment-1663919369
@AtofStryker any updates on the issue?
@Mert75 no updates yet, but as soon as we are able to work the issue I will post an update, unless anyone wants to work this as an open source contribution.
Hi, @AtofStryker, are there any updates on this issue, we faced the same problem. @valscion if you guys found any workaround, that would be helpful!