Cookies carry over to different domain & don't expire #2186
Comments
@max-te so there's some history for this. I'm tagging it as help-wanted: #2165. In the past we did try to "expire" cookies, but then decided to let karate just send everything, so that the user could set up invalid cookies as a negative case. I guess a workaround would be to remove cookies. I'm open to adding behavior to karate to somehow clear or delete cookies, any suggestions for syntax are welcome
I suspected something like that. In my use-case server 1 is an auth server which issues api-tokens and sets some of its own cookies, which are not part of the scope of my testing. Those cookies confuse server 2. Maybe it's necessary to distinguish between cookies set by Set-Cookie headers vs. user-set cookies? Still, I understand that this is hard to solve in a way which covers all use-cases. Clearing all cookies (
@max-te ah yes, will leave this discussion open because I wonder if it makes sense to intro a way to "clear all cookies" but allow any new cookies to be honored. as of today, if we do
closing because when I thought about it more
To reproduce this bug, I've set up two temporary Cloudflare workers and I'm using the following scenario:
The first domain sets two cookies, COOKIEA and COOKIEB, where COOKIEB should expire immediately. (It is a cookie header as you would set to delete a cookie):
Neither cookie should be used when sending a request to a different subdomain. COOKIEA because it is on the wrong domain, and COOKIEB because it is both on the wrong domain and expired. However, Karate 1.3.0 does send both of them:
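Added example, not part of the original issue and not Karate's code: a simplified RFC 6265 cookie jar in Python showing the scoping the report expects, where a host-only cookie stays with the host that set it and an already-expired Set-Cookie deletes instead of stores. Host names, cookie values and function names are assumptions; Path and Secure handling are left out.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def domain_match(host, domain):
    # RFC 6265 section 5.1.3, host names only (IP-address hosts are not handled).
    return host == domain or host.endswith("." + domain)

def store(jar, set_cookie, origin_host, now):
    """Apply one Set-Cookie header value received from origin_host to jar (a dict)."""
    pair, *attrs = [part.strip() for part in set_cookie.split(";")]
    name, _, value = pair.partition("=")
    origin = domain = origin_host.lower()  # no Domain attribute: host-only cookie
    host_only, expires, max_age = True, None, None
    for attr in attrs:
        key, _, val = (s.strip() for s in attr.partition("="))
        if key.lower() == "domain" and val:
            domain, host_only = val.lstrip(".").lower(), False
        elif key.lower() == "max-age" and re.fullmatch(r"-?\d+", val):
            max_age = int(val)
        elif key.lower() == "expires":
            try:
                expires = parsedate_to_datetime(val)
            except (TypeError, ValueError):
                continue  # unparseable date: ignore the attribute
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
    if max_age is not None:  # Max-Age takes precedence over Expires
        expires = now + timedelta(seconds=max_age)
    if not domain_match(origin, domain):
        return  # a host may not set cookies for a domain it does not belong to
    if expires is not None and expires <= now:
        jar.pop((name, domain), None)  # expired on arrival: this is a delete
    else:
        jar[(name, domain)] = {"value": value, "host_only": host_only, "expires": expires}

def cookies_for(jar, url, now):
    """Return {name: value} for the stored cookies that may be sent to url."""
    host = urlsplit(url).hostname.lower()
    return {name: c["value"] for (name, domain), c in jar.items()
            if (c["expires"] is None or c["expires"] > now)
            and (host == domain if c["host_only"] else domain_match(host, domain))}

def demo():
    # Constructed sample: host names and values are made up; cookie names follow the issue.
    now, jar = datetime(2023, 1, 1, tzinfo=timezone.utc), {}
    store(jar, "COOKIEA=a", "one.example.test", now)
    store(jar, "COOKIEB=b; Expires=Thu, 01 Jan 1970 00:00:00 GMT", "one.example.test", now)
    return [cookies_for(jar, f"https://{h}.example.test/", now) for h in ("one", "two")]
```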