Save / serialize session cookies

[winteraz]

session cookies are not saved so this is a feature to add a flag/option to save session cookies as well.

[rogpeppe]

Isn't the very point of session cookies that they're not persisted outside the session? Why do you want to save session cookies too?

[winteraz]

I just need to resume a "session". Some web services are using session cookies. Re-authentication would require manual intervention(i.e. 2nd factor). Changing the way the web service works is not trivial and in some cases it may be impossible (i.e. if you don't control the web service).

[rogpeppe]

If you need this, wouldn't it be straightforward to create a wrapper type that wraps a cookie jar and makes sure that all cookies are stored with some minimum expiry time?

[winteraz]

That could be a choice as well but to be frank I don't find it great... 'persistent-cookiejar' (in my view) is supposed to provide "methods for dumping the cookies to persistent storage and retrieving them". I don't think the session cookies should be more special(i.e. ignored) than "normal" cookies. As long as they are supported by the standard net/http cookie jar, "persistent-cookiejar' should support them as well otherwise the package description should updated to something like "This implementation is a fork of net/http/cookiejar which also implements methods for dumping the cookies(only persistent cookies are supported, session cookies are not dumped) to persistent storage and retrieving them.

Considering this and that the changes are not that significant (e.g. https://github.com/winteraz/persistent-cookiejar/commit/9604f14abcd8d2985d5e594fed36891f2faeaac9 ) I believe it's worth it to support 'session' cookies as well in 'persistent-cookiejar'

[rogpeppe]

How long should a session cookie be stored for?

On 30 Jan 2018 21:16, "winteraz" notifications@github.com wrote:

That could be a choice as well but to be frank I don't find it great... 'persistent-cookiejar' (in my view) is supposed to provide "methods for dumping the cookies to persistent storage and retrieving them". I don't think the session cookies should be more special(i.e. ignored) than "normal" cookies. As long as they are supported by the standard net/http cookie jar, "persistent-cookiejar' should support them as well otherwise the package description should updated to something like "This implementation is a fork of net/http/cookiejar which also implements methods for dumping the cookies(only persistent cookies are supported, session cookies are not dumped) to persistent storage and retrieving them.

Considering this and that the changes are not that significant (e.g. winteraz/persistent-cookiejar@9604f14 https://github.com/winteraz/persistent-cookiejar/commit/9604f14abcd8d2985d5e594fed36891f2faeaac9 ) I believe it's worth it to support 'session' cookies as well in 'persistent-cookiejar'

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/juju/persistent-cookiejar/issues/29#issuecomment-361736680, or mute the thread https://github.com/notifications/unsubscribe-auth/AAEDu1hHZ4U5FIVksKInEeCiBPUAj3dLks5tP4aPgaJpZM4Rv5GP .

[winteraz]

Indefinitely/until it's removed (using Set-Cookie with negative expiry) ?

[rogpeppe]

Indefinitely/until it's removed (using Set-Cookie with negative expiry) ?

That seems like the exact opposite of what should happen with a session cookie.

I guess one possibility is to have a configuration flag that governs whether session cookies are persisted or not.

[vponomarev]

Does this feature plans to be implemented? I faced the same issue - making console app, that should save session cookies between app runs and found, that original Go library don't support save/restore at all :(

This library looks to be a good solution, but as i see - i can use it only if session cookie backup/restore will be implemented.

Hope library author will accept recent patches.