Really weird Cookie header behaviour? - Cookies

Question

Hi folks,

I'm using Firefox 3.6.8 for these tests.

I'm setting a cookie within the response headers of my web app using:

Set-Cookie: session=7878dfdsfjsdf89sd89f8df9

This does not seem to override the session Cookie.

---

When a request is performed instead Firefox even sends duplicate cookies:

Cookie: session=7d75cd8f55895cbccb0d31ee07c7afc0; 
        session=671e8448a5cebda0442005a186cf69a3; 
        4cb6f2d75c9ffc8916cb55bcbaafecd8

---

What is going on?? Any ideas would be great!! =)

---

This is quite disastrous in my case... if someone could explain what's going on it would really help me out!

Answer 1

You can delete the previous cookie using the response object.

response.delete_cookie(cookie_key)

The set of cookies is available via the request object in the request.COOKIES dictionary, and you can obtain the key from there.

Since you're using Django, here's how you might do this in the view function:

def my_view(request):
    # do some work and create a response object
    response = HttpResponse(some_content)

    # first delete any previously set cookie named "session"
    if 'session' in request.COOKIES:
        response.delete_cookie('session')

    # set the new cookie
    response.set_cookie('session', <cookie value goes here>')
    return response

Answer 2

If you don't specify the path or domain for a cookie when setting it, it defaults to the current path and current hostname. If you then go ahead and try setting the same cookie name from a URL with a different path or hostname, it will add a new cookie instead of replacing the old one.

I suspect what you want to do is just set a cookie with a global path for your site and for your entire domain. So something like this:

Set-Cookie: session=7878dfdsfjsdf89sd89f8df9; path=/; domain=.mysite.com