
I am trying to auto-login to a PHP-generated site that uses a normal form and cookies to authenticate the user.

For the connection I use the following code:

```csharp
SocketsHttpHandler socketHandler = new SocketsHttpHandler();
Uri baseUri = new Uri("mySite");
socketHandler.CookieContainer = new CookieContainer();
socketHandler.UseCookies = true;
socketHandler.AllowAutoRedirect = true;

//HttpClientHandler handler = new HttpClientHandler();
//handler.CookieContainer = new CookieContainer();

httpClient = new HttpClient(socketHandler);
httpClient.BaseAddress = baseUri;

try
{
  // (call login.php with PostAsync to login on the side)
  // ...
  HttpResponseMessage response = await httpClient.GetAsync("main.php").ConfigureAwait(false);
  response.EnsureSuccessStatusCode();

  string responseText = await response.Content.ReadAsStringAsync();

  // <Here I miss a cookie>

  // ...
}
catch (HttpRequestException e)
{
  Console.WriteLine(e.Message);
}
```

The code has POSTed to a login page, and the CookieContainer now stores the cookies:

sid=3m8heu881bmh38g2dahn2lj8ka
token=c3f0f448e90da26d33eaec84f4c334cbf5dedd03f03a758d48f494cc9525a740e452d2d868e42f9398af53da4ed73e7f

After the GetAsync of main.php I get a bunch of new cookies (VS Debugger view):

[0] "sid=qe1g1csvjc6h7075mlauv3pupf; path=/; HttpOnly"  string
[1] "sid=qe1g1csvjc6h7075mlauv3pupf; HttpOnly; Secure; SameSite=None"   string
[2] "sct_auth-hr_5a211a5ad7cd6ef0e05f18cef75d7c98=b3bcd0357d050f70be5d91e25d87d99f; HttpOnly; Secure; SameSite=None"    string
[3] "login_instance=hr; path=/; HttpOnly; Secure; SameSite=None"    string
[4] "foxy_items=%5B%5D; path=/; Secure; SameSite=None"  string
[5] "foxy_items=%5B%5D; path=/; Secure; SameSite=None"  string

Does anyone have an idea why cookie 3 (sct_auth-hr_5a211a5ad7cd6ef0e05f18cef75d7c98) is not added to the CookieContainer? The other cookies are added correctly.

As a workaround I use:

```csharp
response.Headers.TryGetValues("Set-Cookie", out var setCookie);
```

to find the cookie and add it manually. It works, with no exceptions or other things that could prevent adding.

  • You create two instances of a CookieContainer. One on the SocketsHttpHandler and one on the HttpClientHandler. I would start with creating one and only one CookieContainer instance and always assign that instance to whatever handler needs a CookieContainer. See for example: https://stackoverflow.com/a/38574653 Then retest and check if the problem persists. – rene Apr 12 '21 at 13:41
  • Hi, the HttpClientHandler is only a relic of different tries to find the cookie issue. Removing the two lines has no impact on the main issue. I guess it is an issue in the area of the cookie name. I don't see any other major differences between the five cookies otherwise. I am confused about the point that the cookie exists in the response header. – Björn Beuck Apr 13 '21 at 04:50
  • So the sid and login_instance are added to the CookieContainer? – rene Apr 13 '21 at 05:53
  • Yes, the foxy_items also. – Björn Beuck Apr 13 '21 at 12:39
  • The problem seems to be that the cookie `sct_auth-hr_5a211a5ad7cd6ef0e05f18cef75d7c98` doesn't have a Path set, so that cookie will only be added for response URLs that have the exact same Uri as the one the cookie was received on. It is a bit similar to what is described here: https://stackoverflow.com/a/14979818/578411. The consensus seems to be that this is by design. – rene Apr 13 '21 at 13:00

0 Answers
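
A diagnostic for the situation in the question, as an added example that is not part of the original post or its comments: it lists the Set-Cookie headers whose cookie the CookieContainer does not hold for the request URI, then re-adds each one scoped to that URI, as the workaround describes. The URL `https://example.test/main.php`, the `CookieAudit` class with its method names, and all cookie values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;

static class CookieAudit
{
    // Set-Cookie headers whose cookie name the container would not send back to uri.
    public static List<string> NotStored(HttpResponseMessage response, CookieContainer jar, Uri uri)
    {
        if (!response.Headers.TryGetValues("Set-Cookie", out var headers))
            return new List<string>();
        var stored = new HashSet<string>(jar.GetCookies(uri).Cast<Cookie>().Select(c => c.Name));
        return headers.Where(h => !stored.Contains(h.Split('=')[0].Trim())).Distinct().ToList();
    }

    // Workaround from the question: feed one raw header back in, scoped to the response URI.
    public static bool TryStore(CookieContainer jar, Uri uri, string header)
    {
        try { jar.SetCookies(uri, header); return true; }
        catch (CookieException e) { Console.WriteLine($"rejected '{header}': {e.Message}"); return false; }
    }

    static void Main()
    {
        var uri = new Uri("https://example.test/main.php");   // hypothetical site URL
        var jar = new CookieContainer();
        // Constructed state: the cookie names the question reports as stored.
        foreach (var name in new[] { "sid", "login_instance", "foxy_items" })
            jar.Add(new Cookie(name, "x", "/", uri.Host) { Secure = true });

        // Constructed response with Set-Cookie headers shaped like those in the question.
        var response = new HttpResponseMessage(HttpStatusCode.OK);
        response.Headers.TryAddWithoutValidation("Set-Cookie", new[] {
            "sid=constructed; path=/; HttpOnly",
            "sct_auth-hr_constructed=constructed; HttpOnly; Secure; SameSite=None",
            "login_instance=hr; path=/; HttpOnly; Secure; SameSite=None" });

        foreach (var header in NotStored(response, jar, uri))
        {
            Console.WriteLine($"not in container: {header}");
            TryStore(jar, uri, header);
        }
        Console.WriteLine($"still missing: {NotStored(response, jar, uri).Count}");
    }
}
```

Passing the response's own URI to `SetCookies` means a cookie without Domain or Path takes its default scope from that URI, so the manual add does not send the session cookie more widely than the server asked for.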