CookieContainer's bug, I need developers help!

275 views
Skip to first unread message

SalarSoft

unread,
Jul 18, 2009, 2:52:12 PM7/18/09
to ASProxy
After hard testing about why cookies doesn't work properly in ASProxy,
I could figure out a bug in CookieContainer class.
This class acts like database for cookies to send and receive them
from HttpWebRequest and HttpWebResponse.

The problem is about how CookieContainer handles domain. There are two
ways, one for Set-Cookie2 and one for Set-Cookie that CookieContainer
work. These refers to RFC 2965 and RFC 2109.

I have created a test about this behavior and you can find it here:
http://stackoverflow.com/questions/1047669/cookiecontainer-bug
I shows the bug clearly

The main problem is the CookieContainer doesn't send desired cookies
to the specifed domain:
According to RFC 2109 the domain ".site.com" and "site.com" matches
host "http://site.com". But my test shows the CookieContainer class
doesn't act as expected.

I could find some workaround and hack which their links are blow, they
can fix this partially but they cause another issues. Such as extra
matching cookies which may cause some security issues (Gmail detects
this and that's why it doesn't work with ASProxy).

And now here is my suggestions to overcome this bug:
1- Hacking CookieContainer by using reflection.
2- Creating a new Cookie Database like class to store cookies, which
returns a CookieContainer to send it to WebRequest and WebResponse.
3- You tell!


Note: I have created to class which one of them is excluded from
project but both of them works. They are used to work with cookies and
implements CookieManager.
One is called "CookieManager_Old" and one called "CookieManager_New".
You can have a look at them. But non of them work properly that.
Please check that to see how cookies is implemented in ASProxy.

The resources about this issue:
http://stackoverflow.com/questions/1019876/cookie-on-an-intranet-domain
http://social.msdn.microsoft.com/Forums/en-US/ncl/thread/c4edc965-2dc2-4724-8f08-68815cf1dce6

Samson

unread,
Sep 5, 2009, 10:53:32 AM9/5/09
to ASProxy
I'm not good at web program, but I'm wondering if it is possible to
write a new CookieContainer like this:
class NewCookieContainer : CookieContainer
{
public new CookieConnection GetCookies(uri)
{
do some special checks
if(the uri will cause bug)
do my code like use reflection;
else
return base.GetCookies(uri);
}
}
I hope that would work and thank you for your great work.

Samson
> The resources about this issue:http://stackoverflow.com/questions/1019876/cookie-on-an-intranet-domainhttp://social.msdn.microsoft.com/Forums/en-US/ncl/thread/c4edc965-2dc...

SalarSoft

unread,
Sep 5, 2009, 2:29:06 PM9/5/09
to ASProxy
That's a tricky code, seems there is no other way to overcome this
bug.
Thanks, I'll take a look at it soon.
> > The resources about this issue:http://stackoverflow.com/questions/1019876/cookie-on-an-intranet-doma......

CallMeLaNN

unread,
Oct 7, 2009, 1:42:24 PM10/7/09
to ASProxy
Hi

CallMeLaNN

unread,
Oct 8, 2009, 7:14:29 AM10/8/09
to ASProxy
Hi,

I just test to reply in google groups.

Replying on your email, I already studying this CookieContainer, CC
since I read this issue here last 2 weeks.
Also I have read your feedback to Microsoft, also your discussions.
Due to simply answer your feedback fixed in future release, rather
than trying to help you, I disappointed because 4.0 can't be use
widely in the recent days. Then I want to 'hack' the CookieContainer
and inspect what was goes wrong with it.

After some googling, I get this code and modify it a little bit.

public CookieCollection GetAllCookies(CookieContainer cc)
{
CookieCollection lstCookies = new CookieCollection();
Hashtable table = (Hashtable)cc.GetType().InvokeMember
("m_domainTable", System.Reflection.BindingFlags.NonPublic |
System.Reflection.BindingFlags.GetField |
System.Reflection.BindingFlags.Instance, null, cc, new object[] { });
foreach (object pathList in table.Values)
{
SortedList lstCookieCol = (SortedList)pathList.GetType
().InvokeMember("m_list", System.Reflection.BindingFlags.NonPublic |
System.Reflection.BindingFlags.GetField |
System.Reflection.BindingFlags.Instance, null, pathList, new object[]
{ });
foreach (CookieCollection colCookies in
lstCookieCol.Values)
foreach (Cookie c in colCookies)
{
lstCookies.Add(c);
}
}
return lstCookies;
}

This code can retrieve all stored cookie in any domain and path.
Debugging the table, lstCookieCol, colCookies and c, I have better
understanding about how CC store the cookies.
Doing some reflection to the CC also help me.
Its 'grouped' by domain (Hashtable table) and path (SortedList
lstCookieCol). The issue occur when using .Add(Cookie) method.
it different than .Add(Uri, Cookie) in the table key which is domain
name.

.Add(Cookie) - BUG here. simply use domain from the cookie as table
key. So domain.com, .domain.com and sub.domain.com is three different
key.
.Add(Uri, Cookie) - it will make sure the domain have dot in the
beginning. So domain.com and .domain.com use one .domain.com key.

In short, .Add(Uri, Cookie) is doing well but .Add(Cookie) is not.
Your CookieManager_New.cs is using the right one.

.SetCookie(Uri, cookieHeader) is using internal .Add()

Then I found that .GetCookies(Uri) is another BUG. It can't retrieve
cookie from "current sub domain start with dot and parent domain not
start with dot".
So since all domain key start with dot, GetCookies method can't
retrieve current sub domain. So in order to solve it domain with dot
and no dot should be in the table key as you fix it.

It work. Cookie ".domain.com" can be retrieve for "http://domain.com".
Also cookie "sub.domain.com" and ".domain.com" can be retrieve for
"http://sub.domain.com".

I have details discuss it here, fixed based on your code:
http://dot-net-expertise.blogspot.com/2009/10/cookiecontainer-domain-handling-bug-fix.html


Yes I meant it you have solve the CookieContainer issue. I use the new
CookieManager_New.cs I download from ASProxy 5.2. I think it is your
latest one (during you discuss this cookie issue). However your latest
svn just adding BugFix_AddDotCookieDomain after
ApplyRequestToCookieContainer in AddCookiesToRequest function. Its
corrent, because httpWebRequest.CookieContainer is just change. You
need to call BugFix_AddDotCookieDomain each time CookieContainer added
a new cookie or before retrieve any cookie.


Ok, CookieContainer issue fixed. #2 is quite complicated, we discuss
later. Now #1 should be fixed. Cookie is not acting well in ASProxy.
It receive the correct cookie from web response but it send back not
the original one. It was cause cookies grouped into single www.domain.com_ASPX,
yes you can see the right cookie in the browser. but later cookies is
not ungroup to be send the original one.

I checked http traffic between ASProxy and web server by using
Fiddler2. Fiddler shows what cookie sent to the web server is not the
original one. It is www.domain.com_ASPX cookie.

Please use this Fiddler. It help so much. Think that
ApplyRequestToCookieContainer in the AddCookiesToRequest. You can see
that ApplyRequestToCookieContainer is simply get all *_ASPX cookie and
add it to the container to be sent to web server. You need to extract
the cookies inside each *_ASPX as you group it in GetCookieHeader by
using comma seperator.

I am pretty sure that I not confuse the way this CookieManager does. I
am not change the whole behavior but just add lines of code (quite
much) in a function, add functions, remove a few existing codes, and
some other move the location. I still not change the behavior and all
other classes is still remain unchange.

I have the new codes modified but it just modified for #2 and now lots
of codes there. I will give you later, still in modification. The
existing behavior still the same but just small thing I change like
cookie grouped into domain.com_ASPX to make all cookies in the same
domain including all it sub domain stored in the same CookieContainer.

We can discuss and proceed to fix this if you want.

your CookieManager class still not doing right
On Thu, Oct 8, 2009 at 3:40 AM, Salar <salarso...@gmail.com>
wrote:
>
> Hi,
> You have an approved post in asproxy group before, so approval is not required anymore.
>
> I have created this test, which shows CookieContainer does not behave as expected.
> http://stackoverflow.com/questions/1047669/cookiecontainer-bug
> After applying BugFix_AddDotCookieDomain the issue behavior changes!!. The new issue is about more cookies than expected for a domain.
>
> How can you find #1 issue? it is tested very much and all original cookies are sending to the back-end site. I think you are confused with client-user cookie which in embeded in xxx_ASPX cookies.
> I wonder how you fix this. maybe you've changed the whole behavior?!
> The #2 is main problem which not all cookies is send to the back-end site, because of CookieContainer.
> Also google is changing the coookie in scripts which is not known very much, but still it is encoded by __CookieGet/__CookieSet functions. And yes here is another unknown issue.
>
> Have you read this page:
> https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=478521
> The bug is accepted and fixed in .NET 4. I'm waiting to see what changes they have made to correct the CookieContainer behaviour, so I can simulate it for .NET 2, this can be a stable solution.
>
> And, there is a CookieManager_New.cs which is completely works with CookieContainer and uses its methods to store/restore cookies. But due CookieContainer but it is completely uselss. Have a look from svn:
> http://asproxy.svn.sourceforge.net/viewvc/asproxy/SalarSoft.ASProxy/BuiltIn/DataManagement/CookieManager_New.cs?view=markup
>
> And I'll be happy to see what changes you've made in the original code. Attach the code if you want.
>
> Thanks for the attention.
> Regards
> Salar.Kh
>
>
> On Wed, Oct 7, 2009 at 9:34 PM, --:| LaNN |:-- <nal...@gmail.com> wrote:
>>
>> Hi,
>>
>> Sorry I am confused Reply or Reply to author in this google groups. Its not friendly enough.
>>
>> Last week I post about CookieContainer here, quite long post, but the msg seems to miss when I send
>> because it not show like normally something like message sent.
>> It just Your post was successfull but my pust is not shown,
>> or it not show something like the post pending approve by administrator.
>>
>> However I just want to share that I see the bugz here...
>>
>> Last time I notice the CookieContainer have an issue. I learn how it works and what makes the bug.
>> Lastly I found that your BugFix_AddDotCookieDomain() enough to solve the CookieContainer bug. so it almost solved.
>> At the same time I can see the CookieManager is not doing the right.
>>
>> In short I notice there is 2 issue in the CookieManager:
>> #1 The domain.com_ASPX cookie is simply send to web req rather than their every single original cookie. Critical
>> #2 Each cookie should be visible to client script. So it can access and modify at document.cookie. Optional. not sure if google modify cookie in script.
>> but if #2 is not fixed, web that require access and modify cookie is not compatible.
>>
>> I am using Firebug, FireCookie, HttpFox and Fiddler2.
>>
>> I am sure this are the cause of Google login. I notice since google tell me to turn on cookie. Thats why I try to figure it out back now.
>>
>> I try to fix since I know it is not the CookieContainer issue but CookieManager not implemented correctly.
>>
>> I fix the #1. I have no luck to login. After partially fix the #2, I found that my #1 fix is not proper. After I fix the #1 again, I be able to login to google service.
>> Just test in web search, one step before gmail.
>>
>> After 2 weeks since now I can 70% login to gmail . Something like miss one more request response.
>>
>>
>>
>> On Tue, Oct 6, 2009 at 11:25 AM, Salar <salarso...@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> No i didn't got any mail or post from you!
>>>
>>> On Mon, Oct 5, 2009 at 6:12 PM, CallMeLaNN <nal...@gmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> Did you receive my post before, in last few days?
>>>>
>>>> I tell about founding the cookie issue solution,
>>>> it is related to google login.
>>>>
>>>> CallMeLaNN
>>>>
>>>> On Sep 6, 2:29 am, SalarSoft <salarsoftwa...@gmail.com> wrote:
>> --
>> Best regards,
>> Mazlan
>>
>> "Our imagination is the only limit to what we can hope to have in the future"
>



--
Best regards,
Mazlan

"Our imagination is the only limit to what we can hope to have in the
future"

SalarSoft

unread,
Oct 9, 2009, 5:28:15 AM10/9/09
to ASProxy
Well, your post here blog post are long, let me read and test them.
> I have details discuss it here, fixed based on your code:http://dot-net-expertise.blogspot.com/2009/10/cookiecontainer-domain-...
> On Thu, Oct 8, 2009 at 3:40 AM, Salar <salarsoftwa...@gmail.com>
> wrote:
>
>
>
> > Hi,
> > You have an approved post in asproxy group before, so approval is not required anymore.
>
> > I have created this test, which shows CookieContainer does not behave as expected.
> >http://stackoverflow.com/questions/1047669/cookiecontainer-bug
> > After applying BugFix_AddDotCookieDomain the issue behavior changes!!. The new issue is about more cookies than expected for a domain.
>
> > How can you find #1 issue? it is tested very much and all original cookies are sending to the back-end site. I think you are confused with client-user cookie which in embeded in xxx_ASPX cookies.
> > I wonder how you fix this. maybe you've changed the whole behavior?!
> > The #2 is main problem which not all cookies is send to the back-end site, because of CookieContainer.
> > Also google is changing the coookie in scripts which is not known very much, but still it is encoded by __CookieGet/__CookieSet functions. And yes here is another unknown issue.
>
> > Have you read this page:
> >https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx...
> > The bug is accepted and fixed in .NET 4. I'm waiting to see what changes they have made to correct the CookieContainer behaviour, so I can simulate it for .NET 2, this can be a stable solution.
>
> > And, there is a CookieManager_New.cs which is completely works with CookieContainer and uses its methods to store/restore cookies. But due CookieContainer but it is completely uselss. Have a look from svn:
> >http://asproxy.svn.sourceforge.net/viewvc/asproxy/SalarSoft.ASProxy/B...
>
> > And I'll be happy to see what changes you've made in the original code. Attach the code if you want.
>
> > Thanks for the attention.
> > Regards
> > Salar.Kh
>
> > On Wed, Oct 7, 2009 at 9:34 PM, --:| LaNN |:-- <nalz...@gmail.com> wrote:
>
> >> Hi,
>
> >> Sorry I am confused Reply or Reply to author in this google groups. Its not friendly enough.
>
> >> Last week I post about CookieContainer here, quite long post, but the msg seems to miss when I send
> >> because it not show like normally something like message sent.
> >> It just Your post was successfull but my pust is not shown,
> >> or it not show something like the post pending approve by administrator.
>
> >> However I just want to share that I see the bugz here...
>
> >> Last time I notice the CookieContainer have an issue. I learn how it works and what makes the bug.
> >> Lastly I found that your BugFix_AddDotCookieDomain() enough to solve the CookieContainer bug. so it almost solved.
> >> At the same time I can see the CookieManager is not doing the right.
>
> >> In short I notice there is 2 issue in the CookieManager:
> >> #1 The domain.com_ASPX cookie is simply send to web req rather than their every single original cookie. Critical
> >> #2 Each cookie should be visible to client script. So it can access and modify at document.cookie. Optional. not sure if google modify cookie in script.
> >> but if #2 is not fixed, web that require access and modify cookie is not compatible.
>
> >> I am using Firebug, FireCookie, HttpFox and Fiddler2.
>
> >> I am sure this are the cause of Google login. I notice since google tell me to turn on cookie. Thats why I try to figure it out back now.
>
> >> I try to fix since I know it is not the CookieContainer  issue but CookieManager not implemented correctly.
>
> >> I fix the #1. I have no luck to login. After partially fix the #2, I found that my #1 fix is not proper. After I fix the #1 again, I be able to login to google service.
> >> Just test in web search, one step before gmail.
>
> >> After 2 weeks since now I can 70% login to gmail . Something like miss one more request response.
>
> >> On Tue, Oct 6, 2009 at 11:25 AM, Salar <salarsoftwa...@gmail.com> wrote:
>
> >>> Hi,
>
> >>> No i didn't got any mail or post from you!
>

SalarSoft

unread,
Oct 9, 2009, 10:46:19 AM10/9/09
to ASProxy
Ok, i had a look on the code and the bugfix.
I remember that I didn't use this CookieManager_New.cs as default
CookieManager because it doesn't fix the issue, in fact the issue
changes face.
(the default cookieManager which delivers with ASProxy is
CookieManager_Old.cs, you can change these from App_Data/
EngineProviders.xml and the CookieManager_New.cs file is excluded form
project.)
The method BugFix_AddDotCookieDomain you've mentioned doesn't work
well.


Consider that we have these three cookies:
Cookie#1: Test1=val; domain=sub.site.com; path=/
Cookie#2: Test2=val; domain=.site.com; path=/
Cookie#3: Test3=val; domain=site.com; path=/

without bugfix we won't get any cookie for http://site.com url, but
with the bugfix this issue fixes.
But there will be other issue, for http://sub.site.com we will get one
extra cookie which is not expected. the extra cookie is Cookie#3. It
means a cookie from "site.com" should not send to "sub.site.com", but
still ".site.com" can be send.
Why! because in the BugFix_AddDotCookieDomain we hack this
m_domainTable table and we have two sign of every cookie "beginning
with dot"/"no dot in the beginning". That causes the issue and that's
why i call for help! ;) :P

I'm still looking at the codes and will post later.

On Oct 8, 2:14 pm, CallMeLaNN <nalz...@gmail.com> wrote:
> I have details discuss it here, fixed based on your code:http://dot-net-expertise.blogspot.com/2009/10/cookiecontainer-domain-...
> On Thu, Oct 8, 2009 at 3:40 AM, Salar <salarsoftwa...@gmail.com>
> wrote:
>
>
>
> > Hi,
> > You have an approved post in asproxy group before, so approval is not required anymore.
>
> > I have created this test, which shows CookieContainer does not behave as expected.
> >http://stackoverflow.com/questions/1047669/cookiecontainer-bug
> > After applying BugFix_AddDotCookieDomain the issue behavior changes!!. The new issue is about more cookies than expected for a domain.
>
> > How can you find #1 issue? it is tested very much and all original cookies are sending to the back-end site. I think you are confused with client-user cookie which in embeded in xxx_ASPX cookies.
> > I wonder how you fix this. maybe you've changed the whole behavior?!
> > The #2 is main problem which not all cookies is send to the back-end site, because of CookieContainer.
> > Also google is changing the coookie in scripts which is not known very much, but still it is encoded by __CookieGet/__CookieSet functions. And yes here is another unknown issue.
>
> > Have you read this page:
> >https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx...
> > The bug is accepted and fixed in .NET 4. I'm waiting to see what changes they have made to correct the CookieContainer behaviour, so I can simulate it for .NET 2, this can be a stable solution.
>
> > And, there is a CookieManager_New.cs which is completely works with CookieContainer and uses its methods to store/restore cookies. But due CookieContainer but it is completely uselss. Have a look from svn:
> >http://asproxy.svn.sourceforge.net/viewvc/asproxy/SalarSoft.ASProxy/B...
>
> > And I'll be happy to see what changes you've made in the original code. Attach the code if you want.
>
> > Thanks for the attention.
> > Regards
> > Salar.Kh
>
> > On Wed, Oct 7, 2009 at 9:34 PM, --:| LaNN |:-- <nalz...@gmail.com> wrote:
>
> >> Hi,
>
> >> Sorry I am confused Reply or Reply to author in this google groups. Its not friendly enough.
>
> >> Last week I post about CookieContainer here, quite long post, but the msg seems to miss when I send
> >> because it not show like normally something like message sent.
> >> It just Your post was successfull but my pust is not shown,
> >> or it not show something like the post pending approve by administrator.
>
> >> However I just want to share that I see the bugz here...
>
> >> Last time I notice the CookieContainer have an issue. I learn how it works and what makes the bug.
> >> Lastly I found that your BugFix_AddDotCookieDomain() enough to solve the CookieContainer bug. so it almost solved.
> >> At the same time I can see the CookieManager is not doing the right.
>
> >> In short I notice there is 2 issue in the CookieManager:
> >> #1 The domain.com_ASPX cookie is simply send to web req rather than their every single original cookie. Critical
> >> #2 Each cookie should be visible to client script. So it can access and modify at document.cookie. Optional. not sure if google modify cookie in script.
> >> but if #2 is not fixed, web that require access and modify cookie is not compatible.
>
> >> I am using Firebug, FireCookie, HttpFox and Fiddler2.
>
> >> I am sure this are the cause of Google login. I notice since google tell me to turn on cookie. Thats why I try to figure it out back now.
>
> >> I try to fix since I know it is not the CookieContainer  issue but CookieManager not implemented correctly.
>
> >> I fix the #1. I have no luck to login. After partially fix the #2, I found that my #1 fix is not proper. After I fix the #1 again, I be able to login to google service.
> >> Just test in web search, one step before gmail.
>
> >> After 2 weeks since now I can 70% login to gmail . Something like miss one more request response.
>
> >> On Tue, Oct 6, 2009 at 11:25 AM, Salar <salarsoftwa...@gmail.com> wrote:
>
> >>> Hi,
>
> >>> No i didn't got any mail or post from you!
>
> >>> On Mon, Oct 5, 2009 at 6:12 PM, CallMeLaNN <nalz...@gmail.com> wrote:
>
> >>>> Hi,
>
> >>>> Did you receive my post before, in last few days?
>
> >>>> I tell about founding the cookie issue solution,
> >>>> it is related to google login.
>
> >>>> CallMeLaNN
>
> >>>> On Sep 6, 2:29 am, SalarSoft <salarsoftwa...@gmail.com> wrote:
> >>>> > That's a tricky code, seems there is no other way to overcome this
> >>>> > bug.
> >>>> > Thanks, I'll take a look at it soon.
>
> >>>> > On Sep 5, 6:53 pm, Samson <walkin...@gmail.com> wrote:
>
> >>>> > > I'm not good at web program, but I'm wondering if it is possible to
> >>>> > > write
>
> ...
>
> read more »

SalarSoft

unread,
Oct 9, 2009, 10:52:54 AM10/9/09
to ASProxy

CallMeLaNN

unread,
Oct 10, 2009, 10:21:19 AM10/10/09
to ASProxy
Hi,

I can't receive your posts from this group. Maybe I need to
Unsubscribe and Join again.

I will look into the given link.

I notice the _Old and _New but just tought you prefer in _New, since
the _New cookie management algorithm seems good.
Which one you want to use?

Ok, I understood your cookie bug on the dot.
Now I know that non-dot cookie can't be visible on the child
subdomain.
I will look again on how to hack the CC.
It is security issue.

If only this issue, any web site using cookies should be working.
(because cookie not missing but more than expected)

Please look into #1 we discuss before since that the cause cookie not
working well in any sites. Fiddler would helps.

Good news, now I can open gmail inbox, at least HTML version but still
have small cookie and javascript issue.

On Oct 9, 10:52 pm, SalarSoft <salarsoftwa...@gmail.com> wrote:
> Also check this:http://asproxy.svn.sourceforge.net/viewvc/asproxy/ASProxy/_test/dotNe...

CallMeLaNN

unread,
Oct 10, 2009, 3:13:09 PM10/10/09
to ASProxy
The extra cookie is not a big security issue since it is in the same
domain.
However it still a security issue and need to be solved.

If you want to take care the security issue properly, I want to add
you more security issue :)

Note that browser (FireFox javascript) are allowed to set cookie to
parent sub domain.
That means page in http://sub.domain.com.sg/... allowed set cookie
with domain ".domain.com.sg".
I assume that the standard (RFC may be) also allowed it. (I trust
FireFox)

So consider that what about the page set cookie with domain ".com.sg"?
In CookieContainer its possible because it assume "com.*" is a domain
name. It will only know "*.com" is a TLD since it was last dot.
Surely the last one is TLD but there is a TLD have two level (two
dot).
Even, there are so many TLD around the world that is not standard.
Eg: "anydomain.co.uk" - co used instead of com, "permalink.uk" is an
exception that there is no "co" or "com" used and much more.
It is difficult to determine whether the dot is one or two, which one
is domain name and which is TLD.
I have build RegEx before but not all domain can be parsed correctly.
The practice way is using list.

There is a Public Suffix List maintained by Mozilla. It is a list of
TLDs available and up to date.
It is being used by FireFox, Google Crome and Opera to manage this
cookie problem and much more.

I have code that can split the sub domain, domain and TLD accurately
based on the Public Suffix List.
We can implement later after the extra cookie issue solved.

CallMeLaNN

unread,
Oct 11, 2009, 12:37:29 AM10/11/09
to ASProxy
I think this should be a good news:

This is the test cookies:

Cookie c1 = new Cookie("c1", ".asd.qwe.zxc.com.my", "/",
".asd.qwe.zxc.com.my");
Cookie c2 = new Cookie("c2", "asd.qwe.zxc.com.my", "/",
"asd.qwe.zxc.com.my");
Cookie c3 = new Cookie("c3", ".qwe.zxc.com.my", "/",
".qwe.zxc.com.my");
Cookie c4 = new Cookie("c4", "qwe.zxc.com.my", "/",
"qwe.zxc.com.my");
Cookie c5 = new Cookie("c5", ".zxc.com.my", "/",
".zxc.com.my");
Cookie c6 = new Cookie("c6", "zxc.com.my", "/",
"zxc.com.my");
Cookie c7 = new Cookie("c7", ".com.my", "/", ".com.my");
Cookie c8 = new Cookie("c8", "com.my", "/", "com.my");
Uri u = new Uri("Http://asd.qwe.zxc.com.my");

It is a debug output result from Unit Test:
---------------------------------------------------------------------
Testing Add(Uri, Cookie) method (including uri):

CookieContainer Domain keys:
.com.my Cookies Count: 2
.qwe.zxc.com.my Cookies Count: 2
.zxc.com.my Cookies Count: 2
.asd.qwe.zxc.com.my Cookies Count: 2

Actual cookies contain in the CookieContainer:
c7=.com.my Domain key: .com.my
c8=com.my Domain key: .com.my
c3=.qwe.zxc.com.my Domain key: .qwe.zxc.com.my
c4=qwe.zxc.com.my Domain key: .qwe.zxc.com.my
c5=.zxc.com.my Domain key: .zxc.com.my
c6=zxc.com.my Domain key: .zxc.com.my
c1=.asd.qwe.zxc.com.my Domain key: .asd.qwe.zxc.com.my
c2=asd.qwe.zxc.com.my Domain key: .asd.qwe.zxc.com.my

Cookies retrieved by GetCookies(http://asd.qwe.zxc.com.my/) Method:
c3=.qwe.zxc.com.my
c4=qwe.zxc.com.my
c5=.zxc.com.my
c6=zxc.com.my
c7=.com.my
c8=com.my


Testing Add(Cookie) method (excluding uri):

CookieContainer Domain keys:
qwe.zxc.com.my Cookies Count: 1
.zxc.com.my Cookies Count: 1
.com.my Cookies Count: 1
com.my Cookies Count: 1
zxc.com.my Cookies Count: 1
asd.qwe.zxc.com.my Cookies Count: 1
.asd.qwe.zxc.com.my Cookies Count: 1
.qwe.zxc.com.my Cookies Count: 1

Actual cookies contain in the CookieContainer:
c4=qwe.zxc.com.my Domain key: qwe.zxc.com.my
c5=.zxc.com.my Domain key: .zxc.com.my
c7=.com.my Domain key: .com.my
c8=com.my Domain key: com.my
c6=zxc.com.my Domain key: zxc.com.my
c2=asd.qwe.zxc.com.my Domain key: asd.qwe.zxc.com.my
c1=.asd.qwe.zxc.com.my Domain key: .asd.qwe.zxc.com.my
c3=.qwe.zxc.com.my Domain key: .qwe.zxc.com.my

Cookies retrieved by GetCookies(http://asd.qwe.zxc.com.my/) Method:
c2=asd.qwe.zxc.com.my
c3=.qwe.zxc.com.my
c5=.zxc.com.my
c7=.com.my


BugFix:

CookieContainer Domain keys:
qwe.zxc.com.my Cookies Count: 2
.zxc.com.my Cookies Count: 1
.com.my Cookies Count: 1
com.my Cookies Count: 2
zxc.com.my Cookies Count: 2
asd.qwe.zxc.com.my Cookies Count: 2
.asd.qwe.zxc.com.my Cookies Count: 1
.qwe.zxc.com.my Cookies Count: 1

Actual cookies contain in the CookieContainer:
c4=qwe.zxc.com.my Domain key: qwe.zxc.com.my
c3=.qwe.zxc.com.my Domain key: qwe.zxc.com.my
c5=.zxc.com.my Domain key: .zxc.com.my
c7=.com.my Domain key: .com.my
c8=com.my Domain key: com.my
c7=.com.my Domain key: com.my
c6=zxc.com.my Domain key: zxc.com.my
c5=.zxc.com.my Domain key: zxc.com.my
c2=asd.qwe.zxc.com.my Domain key: asd.qwe.zxc.com.my
c1=.asd.qwe.zxc.com.my Domain key: asd.qwe.zxc.com.my
c1=.asd.qwe.zxc.com.my Domain key: .asd.qwe.zxc.com.my
c3=.qwe.zxc.com.my Domain key: .qwe.zxc.com.my

Cookies retrieved by GetCookies(http://asd.qwe.zxc.com.my/) Method:
c2=asd.qwe.zxc.com.my
c1=.asd.qwe.zxc.com.my
c3=.qwe.zxc.com.my
c5=.zxc.com.my
c7=.com.my
---------------------------------------------------------------------

You see the last result after bugfix.

Only cookies:

c2=asd.qwe.zxc.com.my
c1=.asd.qwe.zxc.com.my
c3=.qwe.zxc.com.my
c5=.zxc.com.my
c7=.com.my

Will be sent back.
Is that the expected result?

On Oct 9, 10:52 pm, SalarSoft <salarsoftwa...@gmail.com> wrote:
> Also check this:http://asproxy.svn.sourceforge.net/viewvc/asproxy/ASProxy/_test/dotNe...

SalarSoft

unread,
Oct 11, 2009, 11:38:17 AM10/11/09
to ASProxy
Your test results shows oddly everything is ok! but still I think it
is not.
I still get the same extra cookie, can you send me your Unit test
code?

Did you try with GetCookies("http://xxxxxx.com.my/") ?
It should return only c7, and my tests shows it will return c8 too.
Test GetCookies("http://yyyy.my/") too?


And about TLD, I don't think we should care about it. It is on site
designer to take care of its cookies health and where they go. Why a
webmaster should generate a cookie which won't work!? And because
ASProxy is a proxy between user and a website, extra effort is not
needed to control the back-end site behavior, in my opinion of course.
Maybe implementing that will be needed in order to make it a reliable
for other services than a simple proxy, in future; maybe!

CallMeLaNN

unread,
Oct 11, 2009, 8:19:17 PM10/11/09
to ASProxy
Hi,

In the result shown the c4, c6 and c8 is not returned, I think that
what you expected.

Sorry I forgot to tell you that the Unit Test is already updated. The
bugfix I just add few lines of codes.
I will send the test in few hours later, since I out now.
Hope that was you expected.

--:| LaNN |:--

unread,
Oct 14, 2009, 9:42:37 AM10/14/09
to ASProxy
Hi
I forgot to send you.
This is the unit test.
CookieContainerTest.cs

Salar

unread,
Oct 14, 2009, 3:40:36 PM10/14/09
to asp...@googlegroups.com
Uhha, there we go, the problem is with Add(uri, cookie) method!! without using it and simply using the Add(cookie) method the returned cookies are all expected!
Look at the unexpected result is _AddTest(true)

I don't have visual studio test edition so I've changed your test class to an console application:
watch the results in console!
includeUri=false is what we expect.
CookieContainerTest.cs

CallMeLaNN

unread,
Oct 15, 2009, 8:51:26 AM10/15/09
to ASProxy
Good...

Using Add(cookie) will never modify domain key as with Add(uri,
cookie) will append the dot.
Thats why Add(cookie) doing well by persisting the domain name as in
their cookies.

The BugFix modified to only copy cookies in dot domain key into non-
dot domain key.
This is the trick to solve the GetCookies() function issue.

This BugFix copy cookies algorithm I used was follow the Add()
function (I disassemble the function).

Ok, just change Add(uri, cookie) to Add(cookie) and use the new
BugFix.
Then you can test the CookieManager whether it function properly.

SalarSoft

unread,
Oct 15, 2009, 9:10:09 AM10/15/09
to ASProxy
Yeah I did that in the original code and just making some code clean
up. Wait until I release the changes to SVN.
It is time to work on javascript cookie encoder/decoders!

Another problem :(
The BugFix_AddDotCookieDomain does not work with Mono! The problem is
because there is no "m_domainTable" and others.. !!
I don't know if we have the same issue with Mono or not!

Salar

unread,
Oct 15, 2009, 10:34:52 AM10/15/09
to asp...@googlegroups.com
Mono has the same issue, oh my god, they've copied the bugs too!
here is the result of tests:

this is without bugfix, cause it doesn't run in Mono.
Cookies retrieved by GetCookies(http://333.222.111.org/) Method:
c7=.111.org
c5=.222.111.org
c4=333.222.111.org

the c3 is missing.

The good point is the results are same for both Add(uri, cookie) and Add(cookie)

SalarSoft

unread,
Oct 16, 2009, 5:57:04 AM10/16/09
to ASProxy
Ok,
I have updated the CookieManager class with new bugfixes. But still
there is an issue remaining. The SetCookies method.
I've used SetCookies because asproxy tactic requires it.
http://asproxy.svn.sourceforge.net/viewvc/asproxy/SalarSoft.ASProxy/BuiltIn/DataManagement/CookieManager_New.cs?view=markup
We have to solutions, first is to hack SetCookie , second use another
tactic from the beginning.

CallMeLaNN

unread,
Oct 16, 2009, 10:14:54 AM10/16/09
to ASProxy
From the source, it use SetCookies only once. SetCookies used to
accept cookie header (cookie string).
Simply don't use SetCookie because it will use the internal Add() that
Add(Uri, Cookie) use.
However it doesn't mean to do from begining.
We can parse the cookie header by extract each key value pair, create
a new cookie assign properties into it and Add(Cookie).

One more thing, I see the ToServerString in CallCookieToServerString
that is generate cookie header (inverse of above), I think not good
enough. Because last time I debug, it only take the expires value. The
other like path, domain, port, httponly, etc not take into account. So
better we take all property and generate the key value pair by our
own. Then it will be parsed later like above.

I will try send you the simplified code of the function on the
CookieManager I have modify last time.

CallMeLaNN

unread,
Oct 16, 2009, 10:22:32 AM10/16/09
to ASProxy
Replying into your previous post,
I am not sure about Mono,
but wondering if it have reflection that can hack
and can disassemble like in Microsoft System... assembly.

SalarSoft

unread,
Oct 16, 2009, 10:34:02 AM10/16/09
to ASProxy
Ok, i'm waiting for your codes, you can just attach to email,

Mono supports reflection, but the way it is working and implemented is
very different. here is the code:
http://anonsvn.mono-project.com/viewvc/trunk/mcs/class/System/System.Net/CookieContainer.cs?revision=140055&view=markup

CallMeLaNN

unread,
Oct 16, 2009, 12:43:22 PM10/16/09
to asp...@googlegroups.com
Hi, here is the code. have a look.

I just see the RestoreCookiesFromResponse() already changed.
Harder for me to read in the SVN.
How can I download overall project from the latest code?
Class1.cs

Salar

unread,
Oct 16, 2009, 1:01:08 PM10/16/09
to asp...@googlegroups.com
Very good, i'll apply your changes to the original code, but is this working? I mean did you test it with all situations.
I'm not sure about changing Domain property of Cookie, because it modifies internal m_domainKey and m_domain_implicit variables which may cause some unexpected behaviors.

To get sources from SVN use tortoisesvn, http://tortoisesvn.tigris.org/
and get the sources from here:
http://asproxy.svn.sourceforge.net/svnroot/asproxy

CallMeLaNN

unread,
Oct 16, 2009, 1:17:56 PM10/16/09
to asp...@googlegroups.com
I didnt test all solution, I just copy and paste from my working CookieManager.
It same with yours until you change to compatible with Mono and I
found RestoreCookiesFromResponse() modified too many.
I think it more easier for me to check in and out for you to review and retest.

I will try to download the latest svn and see in Visual Studio for
better understanding and debugging.

--

SalarSoft

unread,
Oct 16, 2009, 3:17:30 PM10/16/09
to ASProxy
I did a fast check your code; no, my new changes makes your code
incompatible.
In changes i'm grouping cookies in "cookiesGroup" variable to get
their headers later.
It groups the cookie using cookies domain name, which for
".google.com" the name will be ".google.com_ASPX". the first dot is
saved unlike previous versions.

Ok then, i'm waiting for your changes here.

On Oct 16, 8:17 pm, CallMeLaNN <nalz...@gmail.com> wrote:
> I didnt test all solution, I just copy and paste from my working CookieManager.
> It same with yours until you change to compatible with Mono and I
> found RestoreCookiesFromResponse() modified too many.
> I think it more easier for me to check in and out for you to review and retest.
>
> I will try to download the latest svn and see in Visual Studio for
> better understanding and debugging.
>
> On Sat, Oct 17, 2009 at 1:01 AM, Salar <salarsoftwa...@gmail.com> wrote:
> > Very good, i'll apply your changes to the original code, but is this
> > working? I mean did you test it with all situations.
> > I'm not sure about changing Domain property of Cookie, because it modifies
> > internal m_domainKey and m_domain_implicit variables which may cause some
> > unexpected behaviors.
>
> > To get sources from SVN use tortoisesvn,http://tortoisesvn.tigris.org/

CallMeLaNN

unread,
Oct 16, 2009, 3:44:30 PM10/16/09
to asp...@googlegroups.com
I notice the cookiesGroup doing something.
I just download the latest asproxy svn by the TortiseSvn.
I will look into it later.

This is the RestoreCookiesFromResponse() in case you want to test.


On Sat, Oct 17, 2009 at 3:17 AM, SalarSoft <salarso...@gmail.com> wrote:
>
> I did a fast check your code; no, my new changes makes your code
> incompatible.
> In changes i'm grouping cookies in "cookiesGroup" variable to get
> their headers later.
> It groups the cookie using cookies domain name, which for
> ".google.com" the name will be ".google.com_ASPX". the first dot is
> saved unlike previous versions.
>
> Ok then, i'm waiting for your changes here.
>

CallMeLaNN

unread,
Oct 16, 2009, 3:45:34 PM10/16/09
to asp...@googlegroups.com
Attachment added.
Class1.cs

SalarSoft

unread,
Oct 17, 2009, 2:25:12 AM10/17/09
to ASProxy
Many many thanks.
I have added your changes to the original code, get them from svn
Please use the svn version code, I have applied some code clean up and
renamed some functions to be more readable.

Also I have uploaded the new version with these changes to test the
behavior in real world.
http://asproxy52.somee.com/

Still there is an issue remaining, they way
"ApplyRequestCookiesToCookieContainer" reads the cookie from request.
It causes to subdmain cookie handling to broke, again.

For example login to www.google.com, it should work (the cookie will
be www.google.com_ASPX), then go to images.google.com, google shows
your are not logged in and the cookie is images.google.com_ASPX

The problem refers to Line 261 and 264, which we get cookie only for
current url,
we have to get cookie for all subdomains and the main domain too.

I'm going to implement and fix that.

And one more thing, did you noticed the cookie size is increasing
sharply? after a few visits www.google.com_ASPX is 2 KB!! that's alot.

CallMeLaNN

unread,
Oct 17, 2009, 4:35:37 AM10/17/09
to asp...@googlegroups.com
Welcome... Ok, Good, some function not named as it behave before.

For the cookie name, Its time for me to tell you that we need to
change the cookie name only to take the domain name because you just
see the real example.
cookie name should be google.com_ASPX, no subdomain in front. it
possible to share cookie across subdomain like PREF, SID etc cookie
which have domain ".google.com".
if you browse to www.google.com new PREF cookie created and when you
go to images.google.com the PREF cookie should be sent to the web.
SInce you seperate it into 2 different cookie, PREF in the
images.google.com is not there and newly PREF created. SID is the
cookie responsible to detect authenticated google account if I am not
forgot.

"we have to get cookie for all subdomains and the main domain too."
Sure, then we need to create "domain.com_ASPX" cookie without
subdomain and use function GetAllCookies()
Make sure all this cookies contain in same CookieContainer.

You can use this function (attachment) temp to get the domain name,
but it only can be used in standard TLD. simply co.uk doesn't not
work.
Public Suffix List http://publicsuffix.org work very well. there got
c# code http://code.google.com/p/domainname-parser. very easy to use.
I just contribute to update this code to make it more reliable,
backward compatibility to .NET 2.0 and can autodownload the list.
I just about to finish the work and asproxy can use it if you interested.

About the cookie size I think it related to issue #1 we discuss before.
I am not sure if the issue solved since you update in revision 45. I
didn't check yet.
or maybe because of encoded cookie value not decode like ID=59 become
ID%3D59, ID%253D59, ID%25253D59...
Class2.cs

SalarSoft

unread,
Oct 17, 2009, 4:41:25 AM10/17/09
to ASProxy
Hey dude i've done that!

Get it from SVN.

Check http://asproxy52.somee.com/ again it is working with gmail! I
sent you an email from that.

I'm grouping the cookies by their domain names in response, and the
GetCookieNamesListForDomain method does the job for request.

whoaaa
On Oct 17, 11:35 am, CallMeLaNN <nalz...@gmail.com> wrote:
> Welcome... Ok, Good, some function not named as it behave before.
>
> For the cookie name, Its time for me to tell you that we need to
> change the cookie name only to take the domain name because you just
> see the real example.
> cookie name should be google.com_ASPX, no subdomain in front. it
> possible to share cookie across subdomain like PREF, SID etc cookie
> which have domain ".google.com".
> if you browse towww.google.comnew PREF cookie created and when you
> go to images.google.com the PREF cookie should be sent to the web.
> SInce you seperate it into 2 different cookie, PREF in the
> images.google.com is not there and newly PREF created. SID is the
> cookie responsible to detect authenticated google account if I am not
> forgot.
>
> "we have to get cookie for all subdomains and the main domain too."
> Sure, then we need to create "domain.com_ASPX" cookie without
> subdomain and use function GetAllCookies()
> Make sure all this cookies contain in same CookieContainer.
>
> You can use this function (attachment) temp to get the domain name,
> but it only can be used in standard TLD. simply co.uk doesn't not
> work.
> Public Suffix Listhttp://publicsuffix.orgwork very well. there got
> c# codehttp://code.google.com/p/domainname-parser. very easy to use.
> I just contribute to update this code to make it more reliable,
> backward compatibility to .NET 2.0 and can autodownload the list.
> I just about to finish the work and asproxy can use it if you interested.
>
> About the cookie size I think it related to issue #1 we discuss before.
> I am not sure if the issue solved since you update in revision 45. I
> didn't check yet.
> or maybe because of encoded cookie value not decode like ID=59 become
> ID%3D59, ID%253D59, ID%25253D59...
>
>
>
> On Sat, Oct 17, 2009 at 2:25 PM, SalarSoft <salarsoftwa...@gmail.com> wrote:
>
> > Many many thanks.
> > I have added your changes to the original code, get them from svn
> > Please use the svn version code, I have applied some code clean up and
> > renamed some functions to be more readable.
>
> > Also I have uploaded the new version with these changes to test the
> > behavior in real world.
> >http://asproxy52.somee.com/
>
> > Still there is an issue remaining, they way
> > "ApplyRequestCookiesToCookieContainer" reads the cookie from request.
> > It causes to subdmain cookie handling to broke, again.
>
> > For example login towww.google.com, it should work (the cookie will
> > bewww.google.com_ASPX), then go to images.google.com, google shows
> > your are not logged in and the cookie is images.google.com_ASPX
>
> > The problem refers to Line 261 and 264, which we get cookie only for
> > current url,
> > we have to get cookie for all subdomains and the main domain too.
>
> > I'm going to implement and fix that.
>
> > And one more thing, did you noticed the cookie size is increasing
> > sharply? after a few visitswww.google.com_ASPXis 2 KB!! that's alot.
>
> --
> Best regards,
> Mazlan
>
> "Our imagination is the only limit to what we can hope to have in the future"
>
>  Class2.cs
> 2KViewDownload

SalarSoft

unread,
Oct 17, 2009, 11:16:20 AM10/17/09
to ASProxy
Did you get the codes from svn? the problem with .com|.org|.biz
and ... is fixed in GetCookieNamesListForDomain function.
But to apply the true TLD laws, we have to apply .co.uk|.co.jp|.co.au
and ... too. You said you have the list of these domains, please send
me the lists, it is easy apply them to the GetCookieNamesListForDomain
function.

Ok, now we are almost done with CookieManager.

The remaining issues is javascript cookie encoder/decoder.
I did a check again the codes to remember what exactly i did there,
and i've noticed we will have problems with & character you've used as
separator for cookies. that can be changed.

You said you've done some job to get javascript cookies to work, i'll
be happy to see them :)

to apply javascript cookies we have to do almost same job that we did
in CookieManager. But we have to deal with standard cookies too, which
document.cookie returns.
I'm waiting for your response if you have some done job, otherwise
i'll dive into code. ;)

On Oct 17, 11:35 am, CallMeLaNN <nalz...@gmail.com> wrote:
> Welcome... Ok, Good, some function not named as it behave before.
>
> For the cookie name, Its time for me to tell you that we need to
> change the cookie name only to take the domain name because you just
> see the real example.
> cookie name should be google.com_ASPX, no subdomain in front. it
> possible to share cookie across subdomain like PREF, SID etc cookie
> which have domain ".google.com".
> if you browse towww.google.comnew PREF cookie created and when you
> go to images.google.com the PREF cookie should be sent to the web.
> SInce you seperate it into 2 different cookie, PREF in the
> images.google.com is not there and newly PREF created. SID is the
> cookie responsible to detect authenticated google account if I am not
> forgot.
>
> "we have to get cookie for all subdomains and the main domain too."
> Sure, then we need to create "domain.com_ASPX" cookie without
> subdomain and use function GetAllCookies()
> Make sure all this cookies contain in same CookieContainer.
>
> You can use this function (attachment) temp to get the domain name,
> but it only can be used in standard TLD. simply co.uk doesn't not
> work.
> Public Suffix Listhttp://publicsuffix.orgwork very well. there got
> c# codehttp://code.google.com/p/domainname-parser. very easy to use.
> I just contribute to update this code to make it more reliable,
> backward compatibility to .NET 2.0 and can autodownload the list.
> I just about to finish the work and asproxy can use it if you interested.
>
> About the cookie size I think it related to issue #1 we discuss before.
> I am not sure if the issue solved since you update in revision 45. I
> didn't check yet.
> or maybe because of encoded cookie value not decode like ID=59 become
> ID%3D59, ID%253D59, ID%25253D59...
>
>
>
> On Sat, Oct 17, 2009 at 2:25 PM, SalarSoft <salarsoftwa...@gmail.com> wrote:
>
> > Many many thanks.
> > I have added your changes to the original code, get them from svn
> > Please use the svn version code, I have applied some code clean up and
> > renamed some functions to be more readable.
>
> > Also I have uploaded the new version with these changes to test the
> > behavior in real world.
> >http://asproxy52.somee.com/
>
> > Still there is an issue remaining, they way
> > "ApplyRequestCookiesToCookieContainer" reads the cookie from request.
> > It causes to subdmain cookie handling to broke, again.
>
> > For example login towww.google.com, it should work (the cookie will
> > bewww.google.com_ASPX), then go to images.google.com, google shows
> > your are not logged in and the cookie is images.google.com_ASPX
>
> > The problem refers to Line 261 and 264, which we get cookie only for
> > current url,
> > we have to get cookie for all subdomains and the main domain too.
>
> > I'm going to implement and fix that.
>
> > And one more thing, did you noticed the cookie size is increasing
> > sharply? after a few visitswww.google.com_ASPXis 2 KB!! that's alot.
>
> --
> Best regards,
> Mazlan
>
> "Our imagination is the only limit to what we can hope to have in the future"
>
>  Class2.cs
> 2KViewDownload

CallMeLaNN

unread,
Oct 17, 2009, 1:08:21 PM10/17/09
to asp...@googlegroups.com
Hi, great, I would also share the happiness.
You did too fast. :) great.

Ok, we can deal with js cookie.
but how about the Mono CookieContainer problem?

The js cookie i create is not completed well (even it working) since
we start to discuss.
because I think that time, I miss something that will need to change
the whole structure.
so I let it there and we can start from beginning since the
CookieManager was changed a lot.
dont worry, I got the idea, I will write down the steps for us to
think and start coding.
I will let you know when I did some coding.

here the basic flow:
1. during user response, send the real cookies to user, at the same
time we send group cookie to user.
2. document.cookie might be changed. on the next web request, update
the group cookie first from each removed/modified/newly created cookie
before send to web.
3. go back to no 1.

There are few thing to consider since all web site loaded in asproxy
and share the same browser cookies like in http://asproxy52.somee.com.
- only show the real cookies for the current domain. if user go to
another domain, the cookies for old domain removed and new cookies for
the new domain created. This will prevent old cookies visible to new
domain and cookies overridden to each others.
- cookies might have different domain and path in a page. when all
this cookies send to user browser it should be same. Eg.domain
"asproxy52.somee.com" and path "/". Then when this cookies send back
to web, the real domain and path restored.

We need to take note when the new request domain change, it means that
all cookies is no longer can be send to the new web, instead we need
to initialize cookies for the new domain. This is the thing I miss and
need to redesign.

CallMeLaNN

SalarSoft

unread,
Oct 18, 2009, 3:03:17 AM10/18/09
to ASProxy
About mono; we can work on it later, the javascript cookies are more
important.

I did a few code last night and I can say i'm almost done, and i'm
testing it now. It is working well until now.

The way ASProxy used to work with cookies are different than you've
said, I don't know if you've read the cookie part of asproxyencoder.js
or not but here is a bit explanation.
ASProxy has a encoder method for cookie in called __CookieGet, it gets
the document.cookie parses it and returns what the website expects.
This can not be happen but with a operation that have been done in C#
code,
so the js code will change like this
var test=document.cookie; will change to var test=__CookieGet();

Also to set cookies the same thing happens, there is a method called
__CookieSet which surround the original code,
like this:
document.cookie='test1=value'; will be document.cookie= __CookieSet
('test1=value');
the __CookieSet method parses the set cookie and converts it to
ASProxy desired cookie, so the result will go directly to
document.cookie.

And there is a few points that i've done:
* When setting the cookie to document, there is no need to find and
override anything, the browser will do this for us.
* But still i'm not sure about ASProxy cookies, because we have
grouped them! as you've mentioned; this part needs double check
* I didn't code to check cookies path yet, they need extra information
which asproxy encoder should send them from C# code.

The most part of your basics is solved by this tactic, but i think
still we will have some issues with grouped cookies,
I'll work on that to parse them too.

Anyway, i've uploaded the works on somee test site, you can see them
there:
http://asproxy52.somee.com/scripts/cookieencoder.js

They are not in svn yet.


Message has been deleted

SalarSoft

unread,
Oct 20, 2009, 11:54:52 AM10/20/09
to ASProxy
There is another bug! :(

CookieContainer destroys the expires value after Add method. So the
cookies never expires!
Add(Cookie) has this bug which applies to Add(CookieCollection) too.

This bug does not apply to Add(Uri, Cookie)

I'm going to report to microsoft!

And here is the test:

private void CookieExpireDate()
{
CookieContainer cc = new CookieContainer();

Cookie c1 = new Cookie("Test", "Hi", "/", ".example.com");
c1.Expires = DateTime.Now.AddYears(-5);

cc.Add(c1);

Uri u = new Uri("Http://www.example.com/");
Console.WriteLine("Cookies retrieved by GetCookies(" + u.AbsoluteUri
+ ") Method:");

CookieCollection coll = cc.GetCookies(u);
foreach (Cookie c in coll)
{
Console.WriteLine(c.ToString() + " Expired=" + c.Expired);
}
}

Also get the latest code from svn, i've changed some codes.

On Oct 17, 8:08 pm, CallMeLaNN <nalz...@gmail.com> wrote:
> Hi, great, I would also share the happiness.
> You did too fast. :) great.
>
> Ok, we can deal with js cookie.
> but how about the Mono CookieContainer problem?
>
> The js cookie i create is not completed well (even it working) since
> we start to discuss.
> because I think that time, I miss something that will need to change
> the whole structure.
> so I let it there and we can start from beginning since the
> CookieManager was changed a lot.
> dont worry, I got the idea, I will write down the steps for us to
> think and start coding.
> I will let you know when I did some coding.
>
> here the basic flow:
> 1. during user response, send the real cookies to user, at the same
> time we send group cookie to user.
> 2. document.cookie might be changed. on the next web request, update
> the group cookie first from each removed/modified/newly created cookie
> before send to web.
> 3. go back to no 1.
>
> There are few thing to consider since all web site loaded in asproxy
> and share the same browser cookies like inhttp://asproxy52.somee.com.

SalarSoft

unread,
Oct 20, 2009, 12:11:34 PM10/20/09
to ASProxy

CallMeLaNN

unread,
Oct 22, 2009, 3:10:27 PM10/22/09
to asp...@googlegroups.com
Hi,

I cant test the new bug now. but based on your code I think...
sure you can't add cookie with expires less than datetime now.

My opinion Microsoft design CookieContainer is to manage cookie just
like browser do.
So it will manage domain, path, expires etc.
when you set the expires less than date time now, it means the cookie
is already expired and need to delete.
If you do in browser also you get same result.

The only 1 exception is Session cookie which have datetime 1/1/0001 00:00:00
any expires greater than this and less than datetime now will be deleted.

Sorry I am quite buzy in this 2weeks but I interested with cookie
since I got lots info of it.
I will get the latest svn and check your CookieManager later.

SalarSoft

unread,
Oct 22, 2009, 4:07:07 PM10/22/09
to ASProxy
Hi,

Right, but there is tricky point! sometimes a new cookie that is
retrieved from response is going to expire an existing local cookie,
because of this bug the new cookie will fail to do that.
Anyway, I have fixed this bug. The bugfix stores the expired cookies
in different list and checks them later when we are using
GetAllCookies

But this is not the all story about bugs in Micro$oft.NET!
There is another bug!!

This time in httpWebResponse :(
As you know Cookie class doesn't accept cookies with comma (,)
character within, This is against RFC too! But some sites cookies
contains comma within their cookie value. (all browsers are supporting
comma in Set-Cookie header!!)
This cause very unexpected results which may cause the Cookie loose
Path and Expires values.
I tried to use Mono library to handle the fail parsing, but it didn't
work, because we still using Microsoft CookieContainer!!

The affected Path has very very bad unexpected result (we can ignore
expires issue here!)
The path automatically changes to page url! This cause cookie to be
transparent for whole website.
After my researches I couldn't find any definite solution, so I just
wrote a temporary solution to check Path existence in response header.

You can see the changes in SVN code.

And thanks , the consultations always are very useful, I work on this
project on my free times too, we just want to have fun with it! (If
the bugs let us! :)

On Oct 22, 10:10 pm, CallMeLaNN <nalz...@gmail.com> wrote:
> Hi,
>
> I cant test the new bug now. but based on your code I think...
> sure you can't add cookie with expires less than datetime now.
>
> My opinion Microsoft design CookieContainer is to manage cookie just
> like browser do.
> So it will manage domain, path, expires etc.
> when you set the expires less than date time now, it means the cookie
> is already expired and need to delete.
> If you do in browser also you get same result.
>
> The only 1 exception is Session cookie which have datetime 1/1/0001 00:00:00
> any expires greater than this and less than datetime now will be deleted.
>
> Sorry I am quite buzy in this 2weeks but I interested with cookie
> since I got lots info of it.
> I will get the latest svn and check your CookieManager later.
>
>
>
> On Wed, Oct 21, 2009 at 12:11 AM, SalarSoft <salarsoftwa...@gmail.com> wrote:
>
> > And the report for microsoft:
> >https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx...

SalarSoft

unread,
Oct 23, 2009, 3:50:33 AM10/23/09
to ASProxy
And httpWebResponse bug report.
https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=499888

On Oct 22, 10:10 pm, CallMeLaNN <nalz...@gmail.com> wrote:
> Hi,
>
> I cant test the new bug now. but based on your code I think...
> sure you can't add cookie with expires less than datetime now.
>
> My opinion Microsoft design CookieContainer is to manage cookie just
> like browser do.
> So it will manage domain, path, expires etc.
> when you set the expires less than date time now, it means the cookie
> is already expired and need to delete.
> If you do in browser also you get same result.
>
> The only 1 exception is Session cookie which have datetime 1/1/0001 00:00:00
> any expires greater than this and less than datetime now will be deleted.
>
> Sorry I am quite buzy in this 2weeks but I interested with cookie
> since I got lots info of it.
> I will get the latest svn and check your CookieManager later.
>
>
>
> On Wed, Oct 21, 2009 at 12:11 AM, SalarSoft <salarsoftwa...@gmail.com> wrote:
>
> > And the report for microsoft:
> >https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx...
Reply all
Reply to author
Forward
0 new messages