http icon indicating copy to clipboard operation
http copied to clipboard
verified publisher icon reactphp

HTTP client: Support for handling cookies

Open JustBeYou opened this issue 3 years ago • 3 comments

While I was trying to port some blocking libcURL code to ReactPHP I found there is no support for handling cookies when using the HTTP client. Inspired by other clients (especially cURL) I propose that the following features should be added:

  • compliance with HTTP State Management Mechanism (expiration, send the cookie only to the corresponding domain, etc.)
  • cookie support can be enabled/disabled
  • cookies can be added/removed manually
  • serialization/deserialization to/from a format like Netscape Cookie Jar (ideally this should be decoupled so other formats could be easily added)

As suggested by @WyriHaximus, storing the cookie jar could be done with react/cache which I find totally ok. Saving and loading to/from files could be implemented by the user or we could build something on top of ArrayCache.

After we settle the details of this, I would be happy to implement it :D

JustBeYou avatar Mar 07 '22 16:03 JustBeYou

As suggested by @WyriHaximus, storing the cookie jar could be done with react/cache which I find totally ok. Saving and loading to/from files could be implemented by the user or we could build something on top of ArrayCache.

The main reason I mentioned react/cache is so that other 3rd party packages can also provide storage: https://packagist.org/?query=react%20cache

After we settle the details of this, I would be happy to implement it :D

<3!

WyriHaximus avatar Mar 07 '22 20:03 WyriHaximus

@JustBeYou Excellent input, would love to see this in ReactPHP!

The HTTP Set-Cookie request headers and Cookie response headers are indeed supported just fine in ReactPHP, but there's no automatic behavior to make sense from them, so you'd have to "remember" the values somehow as suggested. Being able to turn this on and off makes perfect sense. The Cache component might indeed be a possible candidate here, but actual semantics may demand a dedicated interface. Sounds like you're on to something already, so I'm curious what you're going to come up with.

clue avatar Mar 10 '22 10:03 clue

Providing an API to set and retrieve cookies isn't really too hard, but we'd also have to take persistence into consideration. I don't think there's an agreed upon standard, but the Netscape cookie file format used by curl seems to be a decent contender.

acme.localhost   FALSE   /   FALSE   0   session  abc123

Some useful pointers:

  • WIP cookie RFC https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis and CVE-2022-36032
  • https://everything.curl.dev/http/cookies, https://everything.curl.dev/http/cookies/fileformat and https://curl.se/docs/http-cookies.html
  • https://docs.guzzlephp.org/en/stable/quickstart.html#cookies and https://docs.guzzlephp.org/en/stable/request-options.html#cookies
  • https://docs.php-http.org/en/latest/plugins/cookie.html and https://github.com/php-http/message/blob/master/src/CookieJar.php

clue avatar Aug 26 '22 13:08 clue