-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RequestHeader.Cookie
: Improve multiple cookies with same name support
#1584
Comments
The problem is that all our methods assume there aren't duplicate cookies. Currently there is already a way to get the values of duplicate cookies: |
I understand you don't want to break the API, or add something new, but I don't think that is necessary: changing |
I'm open for a pull request that only changes which of the cookies is returned. |
From my understanding of the code, and testing though a third party server using fasthttp (Authelia), it seems like
RequestHeader.Cookie
(and thusSession.getSessionID
) uses the first matching value it finds.According to RFC 6265 4.2.2. Semantics:
While not mandatory (RFC uses "SHOULD", not "MUST"), it would be nice to implement this behavior.
The use case I have, and why I ended up here is I'm using the same service on two domains:
auth.example.com
andauth.sub.example.com
. When my browser makes a request tosvc.sub.example.com
, it sends both cookies (Same-Site=lax
is required for auth on subdomains that are notauth
), thus fasthttp only finds the session if theauth.sub
cookie was serialized first.Current solution on my side is using different cookie names, but I thought I'd bring it up here since it seems like a valuable addition.
P.S. I only skimmed the code so this might not be possible, but maybe making
RequestHeader.cookies
a map instead of a slice would both make the code simpler and faster.The text was updated successfully, but these errors were encountered: