HttpWebResponse.Cookies empty despite Set-Cookie Header (no-redirect)
Solution 1
UPDATE five years later, someone actually mentioned the correct way to do it: setting up the CookieContainer correctly in the first place and letting it handle everything. Please refer to Sam's solution further down.
I've found that issue as well, when reading Cookies in C# that were created by a C# ASP.NET app... ;)
Not sure if it has to do with it, but I found that the two Cookies that are set in my case are written in a single Set-Cookie header, with the cookie payload separated by commas. So I adapted AppDeveloper's solution to deal with this multiple-cookie issue, as well as fixing the name/value thing I mentioned in the comments.
private static void fixCookies(HttpWebRequest request, HttpWebResponse response)
{
for (int i = 0; i < response.Headers.Count; i++)
{
string name = response.Headers.GetKey(i);
if (name != "Set-Cookie")
continue;
string value = response.Headers.Get(i);
foreach (var singleCookie in value.Split(','))
{
Match match = Regex.Match(singleCookie, "(.+?)=(.+?);");
if (match.Captures.Count == 0)
continue;
response.Cookies.Add(
new Cookie(
match.Groups[1].ToString(),
match.Groups[2].ToString(),
"/",
request.Host.Split(':')[0]));
}
}
}
Solution 2
The Cookies property will be null unless the CookieContainer is set on the HttpWebRequest. So the proper way to do this is to set the CookieContainer member before retrieving the response:
var request = (HttpWebRequest)HttpWebRequest.Create(..);
request.CookieContainer = new CookieContainer();
var response = request.GetResponse();
// ..response.Cookies will now contain the cookies sent back by the server.
You don't need to manually parse Set-Cookie.
See the documentation for more information.
Solution 3
It seems like Set-Cookie header sent by the website is malformed (Not in the typical format it should have been).
In such case you need to Parse cookie manually and it it to the CookieContainer.
for (int i = 0; i < b.Headers.Count; i++)
{
string name = b.Headers.GetKey(i);
string value = b.Headers.Get(i);
if (name == "Set-Cookie")
{
Match match = Regex.Match(value, "(.+?)=(.+?);");
if (match.Captures.Count > 0)
{
reqCookies.Add(new Cookie(match.Groups[1].Value, match.Groups[2].Value, "/", "example.com"));
}
}
}
Solution 4
Use a CookieContainer as in this answer.
What tripped these regex approaches up for me was a comma in expires=Tue, ....
Solution 5
Looking on other answers I improved incorrect cookie handling. Unlike those answers this one automatically handles all cookie properties (such as expired, secure, etc.) and works with all range of cookies (even when there are more than 1 incorrect cookie).
It's implemented as extension method and can be used in the following way:
//...
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
request.FixCookies(response);
//...
FixCookies() extension method:
using System;
using System.Collections.Generic;
using System.Net;
namespace AG.WebHelpers
{
static public class ExtensionMethods
{
static public void FixCookies(this HttpWebRequest request, HttpWebResponse response)
{
for (int i = 0; i < response.Headers.Count; i++)
{
string name = response.Headers.GetKey(i);
if (name != "Set-Cookie")
continue;
string value = response.Headers.Get(i);
var cookieCollection = ParseCookieString(value, () => request.Host.Split(':')[0]);
response.Cookies.Add(cookieCollection);
}
}
static private CookieCollection ParseCookieString(string cookieString, Func<string> getCookieDomainIfItIsMissingInCookie)
{
bool secure = false;
bool httpOnly = false;
string domainFromCookie = null;
string path = null;
string expiresString = null;
Dictionary<string, string> cookiesValues = new Dictionary<string, string>();
var cookieValuePairsStrings = cookieString.Split(';');
foreach(string cookieValuePairString in cookieValuePairsStrings)
{
var pairArr = cookieValuePairString.Split('=');
int pairArrLength = pairArr.Length;
for (int i = 0; i < pairArrLength; i++)
{
pairArr[i] = pairArr[i].Trim();
}
string propertyName = pairArr[0];
if (pairArrLength == 1)
{
if (propertyName.Equals("httponly", StringComparison.OrdinalIgnoreCase))
httpOnly = true;
else if (propertyName.Equals("secure", StringComparison.OrdinalIgnoreCase))
secure = true;
else
throw new InvalidOperationException(string.Format("Unknown cookie property \"{0}\". All cookie is \"{1}\"", propertyName, cookieString));
continue;
}
string propertyValue = pairArr[1];
if (propertyName.Equals("expires", StringComparison.OrdinalIgnoreCase))
expiresString = propertyValue;
else if (propertyName.Equals("domain", StringComparison.OrdinalIgnoreCase))
domainFromCookie = propertyValue;
else if (propertyName.Equals("path", StringComparison.OrdinalIgnoreCase))
path = propertyValue;
else
cookiesValues.Add(propertyName, propertyValue);
}
DateTime expiresDateTime;
if (expiresString != null)
{
expiresDateTime = DateTime.Parse(expiresString);
}
else
{
expiresDateTime = DateTime.MinValue;
}
if (string.IsNullOrEmpty(domainFromCookie))
{
domainFromCookie = getCookieDomainIfItIsMissingInCookie();
}
CookieCollection cookieCollection = new CookieCollection();
foreach (var pair in cookiesValues)
{
Cookie cookie = new Cookie(pair.Key, pair.Value, path, domainFromCookie);
cookie.Secure = secure;
cookie.HttpOnly = httpOnly;
cookie.Expires = expiresDateTime;
cookieCollection.Add(cookie);
}
return cookieCollection;
}
}
}
Brad
Updated on July 13, 2022Comments
-
Brad almost 2 years
I'm struggling to figure out what is wrong here. I'm sending login information, I can see the Set-Cookie in the Header with the correct value, but the Cookies collection is not getting filled.
This is HTTPS, the login auto-redirects, but I disabled it with AllowAutoRedirect=false to try to troubleshoot this issue.
In this screenshot, you can easily see the debug information and that the cookie should be getting set. I am setting my httpWebRequest.Cookie to a new CookieCollection.
HttpWebRequest httpRequest; CookieContainer reqCookies = new CookieContainer(); string url = "https://example.com"; string[] email = user.Split('@'); email[0] = System.Web.HttpUtility.UrlEncode(email[0]); user = email[0] + "@" + email[1]; pass = System.Web.HttpUtility.UrlEncode(pass); string postData = "email=" + user + "&password=" + pass; byte[] byteData = Encoding.UTF8.GetBytes(postData); httpRequest = (HttpWebRequest)WebRequest.Create(url); httpRequest.Method = "POST"; httpRequest.Referer = url; httpRequest.CookieContainer = reqCookies; httpRequest.UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.19"; httpRequest.Accept = "text/html, application/xhtml+xml, */*"; httpRequest.ContentType = "application/x-www-form-urlencoded"; httpRequest.ContentLength = byteData.Length; using (Stream postStream = httpRequest.GetRequestStream()) { postStream.Write(byteData, 0, byteData.Length); postStream.Close(); } httpRequest.AllowAutoRedirect = false; HttpWebResponse b = (HttpWebResponse)httpRequest.GetResponse();Tried the exact same code connecting to http://www.yahoo.com and the cookies are put into my collection... Argh...
Here is the Set-Cookie Header value:
s=541E2101-B768-45C8-B814-34A00525E50F; Domain=example.com; Path=/; Version=1