Cookies are only preserved for the single next request #363
Comments
|
Working around it like this for now: |
|
Other problem related to cookies: https://groups.google.com/forum/#!topic/savonrb/fOAJYIWCj8M |
|
i don't know too much about cookies. is it "valid" to simple aggregate all cookies from all responses? |
|
I think aggregating all cookies from all responses would be close to the correct solution. Definitely a big improvement. There is probably an edge case where two responses both pass "Set-Cookie" with the same cookie name but different values. In that case only the latest one should be kept. E.g. response 1: Response 2: In that case, we want only "foo=baz". |
|
@rubiii This issue is better classified as feature request (in my opinion). @henrik wants savon to persist cookies between requests, you can aggregate all cookies, but when you request something, you have to add cookies only from request domain. You can see this http_monkey's middleware https://github.com/rogerleite/http_monkey-cookie, on notes section from Readme have great links about cookies. |
|
Well, it's somewhere inbetween a feature request and a bug. Savon 1 didn't attempt to remember cookies for you, but documented a solution you could implement yourself. Savon 2 attempts to remember it for you but does so in a way that is limited or buggy depending on your perspective :) |
|
@henrik you're right. Savon implementation on remembering cookies is wrong. |
|
shouldn't cookies be repeated for every request? i'm probably wrong, but isn't that what browsers do? |
|
@rogerleite ok, as far as i understand, this could be a completely separate option that would not change savon's |
|
@rogerleite regarding your comment "Savon implementation on remembering cookies is wrong." |
|
@rubiii When i said "Savon implementation on remembering cookies is wrong.", i mean that Savon send cookies from only last response is wrong (unless you document this and warns users like @henrik said). If you want to correctly implement cookies, you should persist all response cookies (in memory or somewhere else) and when you do a request, you have to look for cookies from request's domain and add on Cookie request header. It's very boring to implement. If you always send all cookies, you open apps to Cookie Spoofing. |
|
that's what i understood. thanks for explaining. still not sure what to do :( |
|
The middleware's code is really ugly, i did in hurry, just to validate the idea. You could try a "snippet" solution, using https://github.com/dwaite/cookiejar to save and retrieve cookies between requests. |
|
I didn't intend that as advice, but you're right, that makes for a simple I'm not sure what other cookie scenarios are possible elsewhere, but with Seems like a fun thing to try to fix properly, though, if I ever find the On Wed, Jan 16, 2013 at 1:39 PM, Roger Leite [email protected]:
|
|
I think that "multiple cookies bug" is more urgent than the one related to preserving cookies along multiple requests, because there isn't any workaround for the first. |
|
released httpi v2.0.1 to solve #257. |
|
i'm removing the current implementation of remembering cookies from 2.1.0. # first request
response = client.call(:connect, message: credentials)
auth_cookies = response.http.cookies
# subsequent requests
client.call(:whatever, message: whatever, cookies: auth_cookies)httpi can return an array of cookie objects and i'm just not sure if those work for you or if you would let me know what you think. |
|
@rubiii Yeah, I think that would work fine for my use case. I kind of like how explicit it would be. Especially if the current alternative is implicit but with edge cases. |
|
@henrik the example above should now work on master. please give it a try. |
|
@rubiii Just tried it and it works fine. Liked the API, too. Thanks! It took me a while to figure out cookie handling in Savon 2 since I don't believe it was documented, at least not on savonrb.com, so maybe a paragraph about cookies could be added to http://savonrb.com/version2.html? |
|
nice! i documented the changes a few hours ago. |
|
@rubiii You've thought of everything :) Appreciate it! |
|
@rubiii great job ㊗️ |
|
thanks 😊 |
|
@rubiii Many thanks! Is it possible to release v. 2.0.4 with this fix, in order to prevent any kind of problems when deploying in production server? |
|
this requires at least a minor version increase. following semver, this could not be changed at all before 3.0, |
|
released v2.1.0. please refer to the updated changelog and documentation for details. let me know how it works! |
https://github.com/savonrb/savon/blob/master/lib/savon/request.rb#L62
Requests use the cookie that was set in the last request. So this works:
But if you add a third step, it doesn't get the cookie, since its "last request" (step 2) didn't set any cookie in its request.
Not sure what would be the best solution. Maybe store away the response.http.cookies in
@globalonly if they are present (a non-empty array), and pass that into httpi?The text was updated successfully, but these errors were encountered: