RequestHeader.Cookie
: Improve multiple cookies with same name support
#1584
Labels
RequestHeader.Cookie
: Improve multiple cookies with same name support
#1584
From my understanding of the code, and testing though a third party server using fasthttp (Authelia), it seems like
RequestHeader.Cookie
(and thusSession.getSessionID
) uses the first matching value it finds.According to RFC 6265 4.2.2. Semantics:
While not mandatory (RFC uses "SHOULD", not "MUST"), it would be nice to implement this behavior.
The use case I have, and why I ended up here is I'm using the same service on two domains:
auth.example.com
andauth.sub.example.com
. When my browser makes a request tosvc.sub.example.com
, it sends both cookies (Same-Site=lax
is required for auth on subdomains that are notauth
), thus fasthttp only finds the session if theauth.sub
cookie was serialized first.Current solution on my side is using different cookie names, but I thought I'd bring it up here since it seems like a valuable addition.
P.S. I only skimmed the code so this might not be possible, but maybe making
RequestHeader.cookies
a map instead of a slice would both make the code simpler and faster.The text was updated successfully, but these errors were encountered: