Cookie header broken in browser request mode when custom cookie is appended to existing browser cookie

[roelleor]

hi, probably a stupid question, but I don't know how to add cookie. Adding a value to the header does not seem to work. Thanks!

[frigus02]

Hi @roelleor. RESTer does not have a special interface for cookies. You need to write the Cookie header manually. This should work, though.

The value for the Cookie header are name values pairs (see MDN for more). So this should set the cookie named "foo" with the value "bar" and the cookie named "a" with the value "1":

If it does not work then this might be a bug. Can you provide your browser version and an example request in this case?

P.S.: I explained here how RESTer handles Cookies.

[roelleor]

Hi @frigus02, thanks (also many thanks for the project), I actually tried that. But in browser request mode that doesn't work. In clean request mode it works however, so that is nice. In browser mode it adds that Cookie to the PHPSESSID, the var_dump becomes:

array (size=1)
  'PHPSESSID' => string 'p786hkvqtl1pnihecap3b74ne1, XDEBUG_SESSION=PHPSTORM' (length=51)

[frigus02]

That's a good catch. The idea was, that RESTer appends the cookies you entered manually to the cookies, that the browser has stored. But appearently it appends it using a comma instead of a semicolon. I will see if I can fix this.

Btw.: What have you expected to happen? Assuming the browser has stored the cookie fruit=banana and you enter the header Cookie: vegetable=tomato. Which resulting header is more intuitive?

1. Cookie: fruit=banana; vegetable=tomato
2. Cookie: vegetable=tomato

I thought 1 would be better, because it would be more confusing if RESTer would suddenly remove a cookie when you add a manual cookie header. But I would love to hear other opinions.

[roelleor]

I now see that if I use the browser request mode and put a semicolon before the cookie, it works as expected, i.e., it just adds it as extra cookie.

To answer your question: I would expect the result to be like 1: Cookie: fruit=banana; vegetable=tomato. Otherwise it becomes impossible for the server to add any cookies whatsoever. If that is what you want, then you can use a clean request, right? I may be missing many use-cases however, but that's my perspective.

[frigus02]

Thanks. That's good to know. :+1:

As I have the same opinion, I will try to make it work like option 1.

[frigus02]

Version 3.8.0 (released a few minutes ago) should fix this. I noticed it does not work on POST requests for some reason. I believe this is a bug in Firefox because it works fine in Chrome and for GET requests. I will search for known bugs and create one otherwise.