Open Afoucaul opened 4 years ago
Hi!
I expect that a cookie set via Set-Cookie and with an expires field compliant with RFC 2822 is correctly set in the session's cookies.
Why do you expect that? For what I've googled, cookies should follow RFC 6265 and there's no information that the Expires should follow RFC 2822 date.
I think I'm running into the same issue. Here's some demo code:
import asyncio
async def main():
import requests
session = requests.Session()
response = session.get('https://imgbox.com/')
print('requests headers:', response.headers)
print('requests cookies:')
for k, v in response.cookies.items():
print(k, v)
import aiohttp
async with aiohttp.ClientSession() as session:
async with session.get('https://imgbox.com/') as response:
print('aiohttp headers:', response.headers)
print('aiohttp cookies:')
for c in session.cookie_jar:
print(c)
asyncio.run(main())
The headers contain -0000
as the time zone. requests
sets the cookie as expected while aiohttp
doesn't.
Here's a quote from https://tools.ietf.org/html/rfc2616#section-3.3.1 (via https://tools.ietf.org/html/rfc6265#section-4.1.1):
Recipients of date values are encouraged to be robust in
accepting date values that may have been sent by non-HTTP
applications, as is sometimes the case when retrieving or posting
messages via proxies/gateways to SMTP or NNTP.
It took me many hours to figure out why the cookie jar was empty and was so frustrated that I was close to sticking with requests
.
Would it be acceptable to parse non-compliant dates?
I ran into this problem and fixing it gave me quite a headache.
Since I was working with a 3rd party API, I had to circumvent the problem. I solved it like this:
For the record (and in response to @plotski's last question): I think that such dates should be parsed because that's what all the browsers and most other libraries do.
Long story short
I was using a
ClientSession
with an API that replied withSet-Cookie
, but the date format use forexpires
was not RFC 2616-compliant, but RFC 2822-compliant: the timezone was notGMT
, but-0000
. More concretely, the following cookie fails:While this one works:
Expected behaviour
I expect that a cookie set via
Set-Cookie
and with anexpires
field compliant with RFC 2822 is correctly set in the session's cookies.Actual behaviour
The cookie is passed to
http.cookies.SimpleCookie
, and at one point goes through the_CookiePattern
regex that explicitly requires date fields to end withGMT
.http.cookies:434
:Line
444
:Steps to reproduce
Please see this StackOverflow post where I include an MWE showing the behaviour, as well as an MWE with
requests
which shows the expected behaviour.Your environment