Skip to content

net/http: does not handle semicolon-terminated cookie strings very well #52349

Closed
@zjclyz

Description

@zjclyz

What version of Go are you using (go version)?

$ go version
1.16.3

Does this issue reproduce with the latest release?

I tried version 1.18 and it did not solve my problem completely.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE="on"
GOARCH="amd64"
GOBIN="/Users/xxx/go/bin"
GOCACHE="/Users/xxx/Library/Caches/go-build"
GOENV="/Users/xxx/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/xxx/go/pkg/mod"
GONOPROXY="git.xx.oa.com"
GONOSUMDB="git.xx.oa.com"
GOOS="darwin"
GOPATH="/Users/xxx/go"
GOPRIVATE="git.xx.oa.com"
GOPROXY="https://goproxy.cn,direct"
GOROOT="/Users/xxx/go/go1.16.3"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/Users/xxx/go/go1.16.3/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.16.3"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/xxx/develop/doc_pro1/xxx-xxx/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/gg/4vpkn5v518g_bdwnnq4w6zpm0000gn/T/go-build3887804640=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

The following code has reproduction problems:

import (
	"fmt"
	"net/http"
)

func main() {
	r := &http.Request{Header: map[string][]string{"Cookie": {"test1=1;"}}} // This test cookie string ends with a semicolon
	r.AddCookie(&http.Cookie{Name: "test2",Value: "2"}) // Append a cookie
	for _, c := range r.Cookies() { // Only test1 is printed, test2 is missing
		fmt.Println("cookie:", c.Name, c.Value)
	}
        fmt.Println(r.Header.Get("Cookie"))
}

What did you expect to see?

The actual printed results of the demo code:

cookie: test1 1
test1=1;; test2=2

The result I expect:

cookie: test1 1
cookie: test2 2
test1=1; test2=2

Why can't the http.Request.AddCookie() method remove the semicolon at the end and then append the cookie string?

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions