3

I am working on some browser-like cookie handling in Node.JS and want to know how far to expand on this code from NodeJS and HTTP Client - Are cookies supported?

The code drops everything after the first semicolon.

var cookie = get(response.headers, "Set-Cookie")
if (cookie) {
  cookie = (cookie + "").split(";").shift()
  set(opts.headers, "Cookie", cookie)
}

I will expand on that in limited ways and am looking at how to avoid a re-write for future steps.

I have seen multiple cookies being set using multiple Set-Cookie headers.

Community
  • 1
  • 1
700 Software
  • 85,281
  • 83
  • 234
  • 341

1 Answers1

5

Dropping everything after the first semicolon is a bad idea, since that carries the cookie metadata. Here's the Set-Cookie header I received from StackOverflow (slightly redacted):

usr=t=ABCDEFGHIJ&s=23412341234; domain=.stackoverflow.com; expires=Fri, 04-Nov-2011 07:39:57 GMT; path=/; HttpOnly

Multiple cookies being set looks like this:

hest2=spam, pony2=spam, sovs2=spam; expires=Wed, 04-May-2011 07:51:27 GMT, NO_CACHE=Y; expires=Wed, 04-May-2011 07:56:27 GMT; path=/; domain=.something.d6.revealit.dk

So the cookie string is rather complex to parse, so I don’t think there's a simple way to accomplish this…

mikl
  • 23,749
  • 20
  • 68
  • 89
  • Thanks, it was not my idea to drop everything after the semicolon, it is rather the code I am starting with. Thank you for the above examples. Like I said, I will expand on this in limited ways. Currently, I am safe to have the program fail on any unexpected cookie format which is what I am doing, but I will probably write a more generic cookie handler and I will consider these formats. – 700 Software May 04 '11 at 13:50