Don't expire cookie with later setting in the same headers

2025-02-16 09:39:28 +01:00 · 2024-06-26 11:50:27 -04:00 · 2024-06-26 11:50:27 -04:00 · 5753882d76
commit 5753882d76
parent 5c068f8102
2 changed files with 15 additions and 3 deletions
--- a/httpie/utils.py
+++ b/httpie/utils.py
@ -167,11 +167,14 @@ def get_expired_cookies(
        split_cookies(cookies)
    )

-    cookies = [
+    # Use a dict to keep only the last value for each cookie, so that an early
+    # expiration doesn't prevent a later setting in the same headers.
+    cookies = {
        # The first attr name is the cookie name.
-        dict(attrs[1:], name=attrs[0][0])
+        attrs[0][0]: dict(attrs[1:], name=attrs[0][0])
        for attrs in attr_sets
-    ]
+    }
+    cookies = list(cookies.values())

    _max_age_to_expires(cookies=cookies, now=now)

--- a/tests/test_sessions.py
+++ b/tests/test_sessions.py
@ -437,6 +437,15 @@ class TestExpiredCookies(CookieTestBase):
                datetime(2020, 6, 11).timestamp(),
                []
            ),
+            (
+                # Don't expire cookie with later setting.
+                (
+                    'session=; Path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT; secure; HttpOnly, '
+                    'session=bar; Path=/; secure; HttpOnly'
+                ),
+                None,
+                []
+            )
        ]
    )
    def test_get_expired_cookies_manages_multiple_cookie_headers(self, cookies, now, expected_expired):