ghost
commented
1 year ago We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.
During work on making the cookies work on Windows, we found that we potentially lose information on cookies because we only select one, while multiple cookies can be present. See the original comment below and link to the PR where we found this.
Because this was not part of the original work and an edge-case we haven't found/hit in years I decided to not add that to said PR.
Note that this code is duplicated for each supported platform, so it has to be fixed multiple times. Or, ideally, we find a way to share that code better.
Related: #1785
Ok, this is unrelated to the change, but I am going to expose an interesting behaviour/bug with cookies that implies that this implementation is dropping cookies.
To understand the bug we need to remember that we can have two Set-Cookie headers with the same name but different domain. RFC6265 is a good example that show that this is indeed possible, and I quote:
RFC6265 also talks about the algorithm to use in the case that the client finds more than one cookie with the same name, and I quote again:
So, by doing a FirstOrDefault here when we do then sync, we are loosing information, because we are only setting the value of the first found cookie, which is in theory, but does not have to be, the one with the longest path. Since we are updating the code, we probably want to change the behaviour not to drop cookies. But I'm not sure if it is related to this PR at all.
_Originally posted by @mandel-macaque in https://github.com/dotnet/maui/pull/13518#discussion_r1127162473_