requests icon indicating copy to clipboard operation
requests copied to clipboard

Published 20 hours ago verified publisher icon jossef

Cookies are ignored on redirects

Open Alyxsqrd opened this issue 2 years ago • 5 comments

Hi, it appears that this library ignores the cookies provided by the Set-Cookie header in a 301/302 redirect.

My best guess as to what's causing this: when Dart's HTTP library has followRedirects = true, ONLY the headers from the final destination are returned, meaning the headers from the prior responses are totally lost. ☹️

Possible workaround could be:

  1. Use final request = Request(...) for all methods
  2. Set request.followRedirects = false
  3. Do var response = _handleHttpResponse(...) before return
  4. Check if response.statusCode is 301/302. If true: Set response = _httpRequest(HttpMethod.GET, response.headers['location'], ...)
  5. return response

Alyxsqrd avatar Oct 01 '22 04:10 Alyxsqrd

Hi @Alyxsqrd, I've tested locally on dart vm and flutter web your fix and requests 4.7.0 but I can't reproduce your issue. I'm scraping a website that does 302 redirections and the cookies are set. Maybe extractResponseCookies isn't working like it should've, but that would be weird. https://github.com/jossef/requests/blob/e5192e983d76cc144fdcc3a16d925464eb86ed21/lib/src/requests.dart#L24 Or the regexes in CookieJar.parseCookiesString are not picking your cookie. https://github.com/jossef/requests/blob/e5192e983d76cc144fdcc3a16d925464eb86ed21/lib/src/cookie.dart#L104

Is your fix working for you ?

sehnryr avatar Oct 11 '22 08:10 sehnryr

Or maybe you thought that this package does redirects by itself ? Unlike Python's requests library, this requests dart package does not yet support redirects, this matter was discussed in #11 but was unfortunately left on hiatus.

sehnryr avatar Oct 11 '22 08:10 sehnryr

Can you test doing your request that does a 301/302 redirect and see the stored cookies with this: and tell me if the cookies are set or not ?

CookieJar cookieJar = await Requests.getStoredCookies(Requests.getHostname(url));
print(cookieJar.values);

sehnryr avatar Oct 11 '22 08:10 sehnryr

I've experienced similar issues. Requests library doesn't even have a chance to save cookies from intermediate responses, as these are not even returned to Requests when followRedirects is set to true.

bojeckkk avatar Nov 06 '22 15:11 bojeckkk

I'm running into this same issue right now. A POST request to authenticate is redirected but this library does not follow up on that redirect with the cookies intact, so the server believes me to be unauthenticated after the redirect.

Which workarounds would I have as of today?

Edit: I should add that, generally, a 302 after a POST request isn't right. But the site I am working with is doing that so it leaves me no choice. It would be great if I could somehow still follow this redirect

dominic-schmid avatar May 03 '24 13:05 dominic-schmid