Query regarding net/http/cookiejar: Cookies() method and Expiry/MaxAge

Amit Saha

unread,

Jun 29, 2022, 6:31:29 PM6/29/22

to golang-nuts

Hi all,

Currently the Cookies() method as explained at https://pkg.go.dev/net/http/cookiejar#Jar.Cookies only adds the Name and Value of the cookies and strips out the MaxAge and Expires field (and all other fields). Presumably, as I can see in the code, the logic is if a cookie is returned as a return value from this method, that means, the cookie is valid - expiry date is in the future, for example.

In the context of testing my HTTP handler, I wanted to make sure that the expiry of a certain cookie is set to a specific time in the future.

However, the above implementation doesn't make it possible. Is that a fair expectation to have that the cookiejar's Cookies() method will preserve the Expires/MaxAge field of the cookie so that I can verify my HTTP handler function logic? Or is there another alternative suggestion?

Thanks,

Amit.

Sean Liao

unread,

Jun 29, 2022, 6:45:34 PM6/29/22

to golang-nuts

Implement your own cookie jar,

Volker Dobler

unread,

Jun 30, 2022, 2:15:49 AM6/30/22

to golang-nuts

On Thursday, 30 June 2022 at 00:31:29 UTC+2 amits wrote:

Currently the Cookies() method as explained at https://pkg.go.dev/net/http/cookiejar#Jar.Cookies only adds the Name and Value of the cookies and strips out the MaxAge and Expires field (and all other fields). Presumably, as I can see in the code, the logic is if a cookie is returned as a return value from this method, that means, the cookie is valid - expiry date is in the future, for example.

Technically neither is "stripped out", the Jar itself knows about these

fields, they just aren't returned to the caller of Cookies().

In the context of testing my HTTP handler, I wanted to make sure that the expiry of a certain cookie is set to a specific time in the future.

That can be done without putting the cookies into a Jar:

Just inspect the raw cookies sent in the Request, e.g. with

net/http.Request.Cookies. These cookies have all fields set.

However, the above implementation doesn't make it possible. Is that a fair expectation to have that the cookiejar's Cookies() method will preserve the Expires/MaxAge field of the cookie so that I can verify my HTTP handler function logic?

Are you asking whether it's a fair to expect that

net/http/cookiejar.Jar doesn't have bugs? It has a decent

set of tests that check expiry of cookies so I think yes,

this is a fair expectation.

Or is there another alternative suggestion?

There are open source drop in replacements for

net/http/cookiejar.Jar that allow deep inspection of their

content, but I really doubt that this is needed.

There are two questions:

1) Do your cookies have the right MaxAge? Test that by checking

the cookie in the HTTP response.

2) Does cookiejar.Jar work properly? You can rely on that;

but if you think its tests are lacking: Feel free to provide a CL for

the test suite of Jar.

V.

Amit Saha

unread,

Jul 1, 2022, 4:49:27 AM7/1/22

to Sean Liao, golang-nuts

On Thu, Jun 30, 2022 at 8:45 AM 'Sean Liao' via golang-nuts <golan...@googlegroups.com> wrote:

Implement your own cookie jar,

See also:
https://github.com/golang/go/issues/19291#issuecomment-282576908

Thank you. From the issue comment, I don't quite understand this:

> If the other fields are returned, than these cookies would trigger Set-Cookie headers in package http.

Not a question for you - unless of course you know the answer. But I am thinking out loud as follows:

CookieJar (client) with cookies with all other fields set -> calls a HTTP server -> Reads the cookies -> Set-Cookie header flow triggered? (?? -> not quite sure)

You received this message because you are subscribed to a topic in the Google Groups "golang-nuts" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/golang-nuts/PTmjlCkjmU4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to golang-nuts...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAGabyPrVu4%3DC_KLvC_DkQpuw4KSkSSryUagdD1jZ05Ufa8WRoQ%40mail.gmail.com.

Amit Saha

unread,

Jul 1, 2022, 5:09:36 AM7/1/22

to Volker Dobler, golang-nuts

On Thu, Jun 30, 2022 at 4:16 PM Volker Dobler <dr.volke...@gmail.com> wrote:

On Thursday, 30 June 2022 at 00:31:29 UTC+2 amits wrote:
Currently the Cookies() method as explained at https://pkg.go.dev/net/http/cookiejar#Jar.Cookies only adds the Name and Value of the cookies and strips out the MaxAge and Expires field (and all other fields). Presumably, as I can see in the code, the logic is if a cookie is returned as a return value from this method, that means, the cookie is valid - expiry date is in the future, for example.
Technically neither is "stripped out", the Jar itself knows about these
fields, they just aren't returned to the caller of Cookies().

Agree with your interpretation of my observation, rather than mine.

In the context of testing my HTTP handler, I wanted to make sure that the expiry of a certain cookie is set to a specific time in the future.
That can be done without putting the cookies into a Jar:
Just inspect the raw cookies sent in the Request, e.g. with
net/http.Request.Cookies. These cookies have all fields set.

However, the above implementation doesn't make it possible. Is that a fair expectation to have that the cookiejar's Cookies() method will preserve the Expires/MaxAge field of the cookie so that I can verify my HTTP handler function logic?
Are you asking whether it's a fair to expect that
net/http/cookiejar.Jar doesn't have bugs? It has a decent
set of tests that check expiry of cookies so I think yes,
this is a fair expectation.

Or is there another alternative suggestion?
There are open source drop in replacements for
net/http/cookiejar.Jar that allow deep inspection of their
content, but I really doubt that this is needed.

There are two questions:
1) Do your cookies have the right MaxAge? Test that by checking
the cookie in the HTTP response.

Yes, that gives me the expected results. I am not sure what I was doing wrong and just chased the idea of checking the cookie jar:

// this has the expected cookie max age set

for _, cookie := range resp.Cookies() {
fmt.Printf("Name: %s Value: %s MaxAge: %v Expires: %v\n", cookie.Name, cookie.Value, cookie.MaxAge, cookie.Expires)
}

2) Does cookiejar.Jar work properly? You can rely on that;
but if you think its tests are lacking: Feel free to provide a CL for
the test suite of Jar.

Thanks, my confusions are clear now.

V.

--
You received this message because you are subscribed to a topic in the Google Groups "golang-nuts" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/golang-nuts/PTmjlCkjmU4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to golang-nuts...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/ffcf1004-4bcd-44e6-aa08-982e3ecbcaacn%40googlegroups.com.

Amit Saha

unread,

Jul 1, 2022, 5:23:23 AM7/1/22

to Volker Dobler, golang-nuts

I found out why I wasn't seeing the cookies in my responses but was only present in the cookie jar:

1. Test client calls handler function 1

2. Handler function 1 sets the cookies and then redirects it to handler function 2

3. The final response from handler function 2 - doesn't have those cookies expectedly

So, my solution in this case would be to either:

1. Implement a cookie jar

2. Or check for the cookies by writing a custom redirect function in my client

Reply all

Reply to author

Forward