App engine's development server behaves strangely with cookies. Is it caching them or something?

Question

I've noticed google app engine's development server handling cookies very strangely. Basically, they don't always to go away when they should. Hopefully somebody else knows what's going on and can enlighten me. Here's a rough outline of the steps to reproduce.

First, create three RequestHandlers: setcookie, deletecookie and displaycookie and give them paths that match (e.g. http://localhost:8080/setcookie/). Then do the following:

1) Hit setcookie
2) Hit displaycookie (it prints, right?)
3) Hit deletecookie
4) Close your browser
5) Open your browser and go to displaycookie (uh oh... it prints)
6) Check if the cookie really exists using FF's developer toolbar or somesuch (no cookie!)
7) Open a different browser and go to displaycookie (whoa, it prints!)
8) Restart app engine
9) Hit displaycookie (finally, it's gone)

So, what gives? The only thing I can think of is that the development server is doing some sort of caching. A quick google search yields a couple of other people who have had the same issue, but there haven't been any good responses so I figured I'd bring it here.

Here's some relevant code:

in the display handler:

cookie = self.request.cookies.get("MyCookie", '')
cookie_utf8 = cookie.encode("utf-8")
self.response.out.write("MyCookie = %s<br>" % cookie_utf8)

in the set handler:

expires = datetime.datetime.now() + datetime.timedelta(weeks=2)
expires_rfc822 = expires.strftime('%a, %d %b %Y %H:%M:%S GMT')
cookie = "MyCookie=Fresh;expires=%s;path=/" % expires_rfc822
self.response.headers.add_header("Set-Cookie", cookie)

in the delete handler:

expires = datetime.datetime.now() - datetime.timedelta(weeks=2)
expires_rfc822 = expires.strftime('%a, %d %b %Y %H:%M:%S GMT')        
cookie = "MyCookie=Stale;expires=%s;path=/" % expires_rfc822
self.response.headers.add_header("Set-Cookie", cookie)

Answer 1

There's nothing obviously wrong with your code, and App Engine certainly doesn't cache cookies - cookies are sent with each request in the HTTP headers, and it's up to the framework you're using to decode them.

Based on your problem description, though, it sounds like either your code or your framework is storing the value of the cookie in a local variable somewhere, and not overwriting it if it gets a request with no cookie. This would explain all the behaviour you're seeing, including the cookie showing up for other browsers, and the cookie going away when you restart the dev_appserver. Try logging the exact content of the headers sent by the client on each request to see what you get sent.

Answer 2

Trying using netcat to get the raw output:

echo -e "GET /setcookie/\n\n" | nc localhost 8080

Or use a packet capture tool like Wireshark. Are all the HTTP headers as they are supposed to be?