CookieContainer does not store cookies for internationalized domain names

Question

I'm trying to perform authorization on a cyrillic domain using WebClient. Authorization goes through few stages with redirects between normal and punicode domains. The problem is HttpWebRequest can not store cookies in assigned CookieContaier if it was set by punycode domain. For example, this code will throw CookieException.

var cookie = new Cookie("test_cookie", "test_value", "/", ".xn----7sbcca6bi0ak9b0a6f.xn--p1ai");
var container = new CookieContainer().Add(cookie);

The problem is exacerbated by the fact that response that sets cookie redirects to another page, i.e. after WebClient.UploadValues(...) have been executed there's no cookie information in WebClient.ResponseHeaders.

Below is normal authorization process (using browser)

Method  Result  Received  Type       URL                                                        RedirectURL                                                Set-Cookie                                                                                                                                 
POST    302     1,18 K    text/html  http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin/login       http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin             sess_id=.......; expires=Mon, 06-Jun-2016 07:20:57 GMT; Max-Age=31536000; path=/; domain=.xn----7sbcca6bi0ak9b0a6f.xn--p1ai; httponly     
GET     302     722       text/html  http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin             /admin/orders                                                                                                                                                                                        
GET     200     200,00 K  text/html  http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin/orders

Is there any workaround?

Could anyone confirm it is a bug? May be I should report it to https://connect.microsoft.com/VisualStudio/ ? — Leff, Jun 08 '15 at 07:07
Update: 1. IDN and IRI processing must be enabled in configuration to reproduce the behaviour described above. 2. Obviously, internal method `VerifySetDefaults` of the `System.Net.Cookie` class is the reason of the problem. I am trying to figure out why, but `VerifySetDefaults` is quite sophisticated for me. — Leff, Jun 09 '15 at 07:32
Update: It seems that `VerifySetDefaults` is trying to compare an IDN with its punycode representation, when it fails the exception is thrown. — Leff, Jun 09 '15 at 07:50

score 1 · Answer 1 · answered Jun 08 '15 at 07:11

1

Are you sure the IDN is the problem?

The following code snippet (which is the same as yours, but with the second line split up to make it compile)

var cookie = new Cookie("test_cookie", "test_value", "/", ".xn----7sbcca6bi0ak9b0a6f.xn--p1ai");
var container = new CookieContainer();
container.Add(cookie);

container.GetCookies(new Uri("http://test.xn----7sbcca6bi0ak9b0a6f.xn--p1ai")).Dump();

does not throw a CookieException at all (run from LINQPad). Could the problem perhaps be in the name and/or value you are trying to set for the cookie? What is the exact message you get from the CookieException?

answered Jun 08 '15 at 07:11

Paul-Jan

16,746
1
63
95

It is definitely IDN problem, because regular domain cookies are stored well. Your code snippet throws an exception on .net fw 4.5.1. What version you've used to test? – Leff Jun 08 '15 at 07:29
Running 4.0.30319.34014, which is .NET 4.5.1 on Windows 8.1 64-bit . – Paul-Jan Jun 08 '15 at 10:24
I've find out why you get no exception. There must be `` section set in config file, for normal IDN handling. When it is not set any kind of WebRequest can not resolve internationalized domain names, although CookieContainer stores IDN cookies as it should. Very odd behaviour. – Leff Jun 08 '15 at 21:06
Thanks for sharing! I can now reproduce the problem indeed. Tried to figure out what the implication of this setting is on the VerifySetDefaults behavior (it should only affect Uri implementation I think), but failed so far. – Paul-Jan Jun 09 '15 at 09:00
`VerifySetDefaults` performs comparision between Set-Cookie domain (which is punycode) and it's `System.Net.Uri` representation (which is unicode IDN if IDN support is enabled). Of course they are different in case of IDN. Btw, there is a way to store punicode domain cookie using `CookieContainer.Add(Uri uri, Cookie cookie)` method, where `Cookie.Domain` field is empty. But WebRequest uses `CookieContainer.Add(CookieCollection cookies)` method which fails for IDN. – Leff Jun 09 '15 at 12:16

CookieContainer does not store cookies for internationalized domain names

1 Answers1