Closed anexa-digital closed 3 years ago
Hi!
Thanks for reporting. That's interesting topic.
According to RFC 6265 the only valid separator for set-cookie is semicolon.
SameSite
cookie is not added by Odoo. See https://github.com/odoo/odoo/issues/51065
Maybe your frontend is adding it and it is possible to change separator it uses?
CF is dropping __cfduid
so not worth bothering https://blog.cloudflare.com/deprecating-cfduid-cookie/
It might be dart's issue. Headers with same name are joined with comma https://github.com/dart-lang/http/blob/master/lib/src/io_client.dart#L43
@anexa-digital please try version 0.4.3. It should handle you case now.
Except second point.
Setting all cookies requires proper handling of cookie rules as SameSite
or Expires
.
It may be required for cases like Sticky Session. It should be done as separate feature not a fix commit.
Works great! Thanks a lot.
Hi. Great job.
I have found 2 issues:
Content of set-cookie: __cfduid=d7aa416b09272df9c8ooooooo84f5d031615155878; expires=Tue, 06-Apr-21 22:24:38 GMT; path=/; domain=.mhfly.com; HttpOnly; SameSite=Lax,session_id=16ec9824767d8ca27ooooooo2fa61803fb35857b; Expires=Sat, 05-Jun-2021 22:24:38 GMT; Max-Age=7776000; HttpOnly; Path=/
Note that separator between SameSite=Lax AND session_id =... is a comma, not a semicolon. This Odoo bug cause bad parsing in _updateSessionIdFromCookies
Even sending whole original set-cookie obtained from authentication also works (just changing comma separator by semicolon).
Best regards.