Closed bittebak closed 2 years ago
Hi @pragnagopa / @fabiocav, Can you please suggest how to proceed here
@v-bbalaiagar - please move this issue to https://github.com/Azure/azure-functions-python-worker/issues cc @vrdmr
Transferring this issue to python worker repo for further investigation.
Having the same issue. Is there any timeline available on if/when this will be available? Or would it be better to rewrite my functions to e.g. Node where setting multiple cookies seems to be available?
Leaving this here for anyone like myself who is searching for how to do this, finds this as the only relevant google search result, and can't figure out how to do it. Here's example code that is working.
response = func.HttpResponse(json.dumps({'code': 'success', 'message': "User logged in"}), status_code=200)
# Headers have to be added by this method as the default is a dict, which doesn't work because dict keys are unique
response.headers.add("Set-Cookie", f"token={token}")
response.headers.add("Set-Cookie", f"id={uuid}")
Leaving this here for anyone like myself who is searching for how to do this, finds this as the only relevant google search result, and can't figure out how to do it. Here's example code that is working.
response = func.HttpResponse(json.dumps({'code': 'success', 'message': "User logged in"}), status_code=200) # Headers have to be added by this method as the default is a dict, which doesn't work because dict keys are unique response.headers.add("Set-Cookie", f"token={token}") response.headers.add("Set-Cookie", f"id={uuid}")
Thanks for the code, but this ended up not working. You'll see the Set-Cookies in the header response, but if you'll notice in the cookie's tab, only one cooke is set, and since it's a dictionary, the second Set-Cookie overwrites the values of the first Set-Cookie.
Odd, that works perfectly fine for me. Behind the scenes it's not a dictionary actually, it's a list of tuples as seen in line 1138 of the Headers object file: self._list.append((_key, _value))
(Both of the credentials in the screenshot are now invalid btw, don't worry)
Here's what I'm seeing:
The client is a stock create react app running locally on https://127.0.0.1:3000 and using Chrome dev tools.
I'm using stock azure functions v4 with no middle where or extra imports -- maybe I need to add something?
So in terms of cookies, both show in the response, but for cookies set, only the first ever shows as valid by chrome. In prior iterations, I would see that the values for the first token would be overwritten by the second.
This is an issue with chrome, not your code. https://stackoverflow.com/questions/63204093/how-to-get-set-multiple-set-cookie-headers-using-fetch-api
Officially, there is no requirement to support multiple Set-Cookie headers in a response, so chrome's auto-parsing of your headers is deleting the second one (but the standard arguably says it could keep either one). If you try this with Postman or any other request client that supports multiple headers of the same name, you'll find you're getting both cookies set. Remember that how the headers are handled is entirely on the client, and you have full control over that in your client code.
Bug
When a HttpResponse has multiple headers with the same name, only one header is returned. Django uses multiple response cookies (e.g. 'csrf' and 'messages'). Multiple Set-Cookie headers can be returned. Set-Cookie is the name (the key) of the Http Response Header.
Context
A Django app running in an Azure Function
package
Version
Azure function runtime version = ~4
Reproduction
Run without azure.functions.WsgiMiddleware Two Set-Cookies headers are returned (as depicted above)
Run with azure.functions.WsgiMiddleware.handle
Only one header with the name "Set-Cookie" is returned.
Local and remote
This behaviour has been reproduced both locally (while debugging) as on an Azure Function container (icarus-int)
Root cause
Python package 'azure-functions' azure\functions_http.py
The headers are stored as a dictionary. All keys in a dictionary are unique.
References
https://www.rfc-editor.org/rfc/rfc6265#page-6 Section 3
"Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding."
https://www.rfc-editor.org/rfc/rfc6265#section-4.1 "Servers SHOULD NOT include more than one Set-Cookie header field in the same response with the same cookie-name. (See Section 5.2 for how user agents handle this case.)"
This means that multiple Set-Cookie headers with different cookie-names are allowed.