superagent icon indicating copy to clipboard operation
superagent copied to clipboard
verified publisher icon ladjs

Unable to access multiple 'set-cookie'

Open totszwai opened this issue 7 years ago • 2 comments

How do you access multiple 'set-cookie' from the headers?

cache-control: max-age=315360000
cache-control: public
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 14 Dec 2018 16:24:17 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: no-cache
set-cookie: csrftoken=##allyourbasebelongtous; Secure; Path=/
set-cookie: session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Secure; HttpOnly; Path=/
status: 200
strict-transport-security: max-age=3600; includeSubDomains
vary: Accept-Encoding

It only gives the last one:

{ date: 'Fri, 14 Dec 2018 17:36:01 GMT',
  'content-type': 'text/html; charset=utf-8',
  'transfer-encoding': 'chunked',
  connection: 'close',
  vary: 'Accept-Encoding',
  'cache-control': 'no-cache, no-store, must-revalidate, private',
  pragma: 'no-cache',
  'set-cookie':
   [ 'global-session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Secure; HttpOnly; Path=/' ],
  'strict-transport-security': 'max-age=3600; includeSubDomains',
  'x-using-nginx-controller': 'true',
  'content-encoding': 'gzip' }

totszwai avatar Dec 14 '18 17:12 totszwai

PR welcome to fix this

niftylettuce avatar Jun 06 '19 06:06 niftylettuce

I tried to reproduce this one without success. This is the edpoint I'm using to test the behaviour

app.get('/multiple-cookies', (req, res) => {
  res.cookie('csrftoken', 'allyourbasebelongtous', { path: '/', secure: true })
  res.cookie('session', 'e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU', { path: '/', secure: true, httpOnly: true })
  res.send('ok');
});

and the relative curl response

< HTTP/1.1 200 OK
< X-Powered-By: Express
< Cache-Control: no-cache, no-store
< Set-Cookie: csrftoken=allyourbasebelongtous; Path=/; Secure
< Set-Cookie: session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Path=/; HttpOnly; Secure
< Content-Type: text/html; charset=utf-8

and this is correctly returned by superagent

 'set-cookie':
   [ 'csrftoken=allyourbasebelongtous; Path=/; Secure',
     'session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Path=/; HttpOnly; Secure' ],

let me know if there is anything I'm missing

ksnll avatar Oct 03 '19 09:10 ksnll