Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to access multiple 'set-cookie' #1445

Open
totszwai opened this issue Dec 14, 2018 · 2 comments
Open

Unable to access multiple 'set-cookie' #1445

totszwai opened this issue Dec 14, 2018 · 2 comments

Comments

@totszwai
Copy link

How do you access multiple 'set-cookie' from the headers?

cache-control: max-age=315360000
cache-control: public
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 14 Dec 2018 16:24:17 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: no-cache
set-cookie: csrftoken=##allyourbasebelongtous; Secure; Path=/
set-cookie: session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Secure; HttpOnly; Path=/
status: 200
strict-transport-security: max-age=3600; includeSubDomains
vary: Accept-Encoding

It only gives the last one:

{ date: 'Fri, 14 Dec 2018 17:36:01 GMT',
  'content-type': 'text/html; charset=utf-8',
  'transfer-encoding': 'chunked',
  connection: 'close',
  vary: 'Accept-Encoding',
  'cache-control': 'no-cache, no-store, must-revalidate, private',
  pragma: 'no-cache',
  'set-cookie':
   [ 'global-session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Secure; HttpOnly; Path=/' ],
  'strict-transport-security': 'max-age=3600; includeSubDomains',
  'x-using-nginx-controller': 'true',
  'content-encoding': 'gzip' }
@niftylettuce
Copy link
Collaborator

PR welcome to fix this

@niftylettuce niftylettuce mentioned this issue Jun 6, 2019
Closed
12 tasks
@ksnll
Copy link

ksnll commented Oct 3, 2019

I tried to reproduce this one without success.
This is the edpoint I'm using to test the behaviour

app.get('/multiple-cookies', (req, res) => {
  res.cookie('csrftoken', 'allyourbasebelongtous', { path: '/', secure: true })
  res.cookie('session', 'e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU', { path: '/', secure: true, httpOnly: true })
  res.send('ok');
});

and the relative curl response

< HTTP/1.1 200 OK
< X-Powered-By: Express
< Cache-Control: no-cache, no-store
< Set-Cookie: csrftoken=allyourbasebelongtous; Path=/; Secure
< Set-Cookie: session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Path=/; HttpOnly; Secure
< Content-Type: text/html; charset=utf-8

and this is correctly returned by superagent

 'set-cookie':
   [ 'csrftoken=allyourbasebelongtous; Path=/; Secure',
     'session=e1863fa85446b9d4_5c12b471.q7CsxJgkqMkCL3cV_KL9MNiMugU; Path=/; HttpOnly; Secure' ],

let me know if there is anything I'm missing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@niftylettuce @ksnll @totszwai