CookieContainer does not store cookies for internationalized domain names - McMap

About

CookieContainer does not store cookies for internationalized domain names

Asked 7/6, 2015 at 21:41 Answered 8/6, 2015 at 7:11

c#.net cookies idn punycode

W

1

6

I'm trying to perform authorization on a cyrillic domain using WebClient. Authorization goes through few stages with redirects between normal and punicode domains. The problem is HttpWebRequest can not store cookies in assigned CookieContaier if it was set by punycode domain. For example, this code will throw CookieException.

var cookie = new Cookie("test_cookie", "test_value", "/", ".xn----7sbcca6bi0ak9b0a6f.xn--p1ai");
var container = new CookieContainer().Add(cookie);

The problem is exacerbated by the fact that response that sets cookie redirects to another page, i.e. after WebClient.UploadValues(...) have been executed there's no cookie information in WebClient.ResponseHeaders.

Below is normal authorization process (using browser)

Method  Result  Received  Type       URL                                                        RedirectURL                                                Set-Cookie                                                                                                                                 
POST    302     1,18 K    text/html  http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin/login       http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin             sess_id=.......; expires=Mon, 06-Jun-2016 07:20:57 GMT; Max-Age=31536000; path=/; domain=.xn----7sbcca6bi0ak9b0a6f.xn--p1ai; httponly     
GET     302     722       text/html  http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin             /admin/orders                                                                                                                                                                                        
GET     200     200,00 K  text/html  http://xn----7sbcca6bi0ak9b0a6f.xn--p1ai/admin/orders

Is there any workaround?

Wideawake answered 7/6, 2015 at 21:41 Comment(3)

Could anyone confirm it is a bug? May be I should report it to connect.microsoft.com/VisualStudio ? – Wideawake 8/6, 2015 at 7:7

Update: 1. IDN and IRI processing must be enabled in configuration to reproduce the behaviour described above. 2. Obviously, internal method VerifySetDefaults of the System.Net.Cookie class is the reason of the problem. I am trying to figure out why, but VerifySetDefaults is quite sophisticated for me. – Wideawake 9/6, 2015 at 7:32

Update: It seems that VerifySetDefaults is trying to compare an IDN with its punycode representation, when it fails the exception is thrown. – Wideawake 9/6, 2015 at 7:50

S

1

Are you sure the IDN is the problem?

The following code snippet (which is the same as yours, but with the second line split up to make it compile)

var cookie = new Cookie("test_cookie", "test_value", "/", ".xn----7sbcca6bi0ak9b0a6f.xn--p1ai");
var container = new CookieContainer();
container.Add(cookie);

container.GetCookies(new Uri("http://test.xn----7sbcca6bi0ak9b0a6f.xn--p1ai")).Dump();

does not throw a CookieException at all (run from LINQPad). Could the problem perhaps be in the name and/or value you are trying to set for the cookie? What is the exact message you get from the CookieException?

Suzysuzzy answered 8/6, 2015 at 7:11 Comment(5)

It is definitely IDN problem, because regular domain cookies are stored well. Your code snippet throws an exception on .net fw 4.5.1. What version you've used to test? – Wideawake 8/6, 2015 at 7:29

Running 4.0.30319.34014, which is .NET 4.5.1 on Windows 8.1 64-bit . – Suzysuzzy 8/6, 2015 at 10:24

I've find out why you get no exception. There must be <idn enabled="All"/> section set in config file, for normal IDN handling. When it is not set any kind of WebRequest can not resolve internationalized domain names, although CookieContainer stores IDN cookies as it should. Very odd behaviour. – Wideawake 8/6, 2015 at 21:6

Thanks for sharing! I can now reproduce the problem indeed. Tried to figure out what the implication of this setting is on the VerifySetDefaults behavior (it should only affect Uri implementation I think), but failed so far. – Suzysuzzy 9/6, 2015 at 9:0

VerifySetDefaults performs comparision between Set-Cookie domain (which is punycode) and it's System.Net.Uri representation (which is unicode IDN if IDN support is enabled). Of course they are different in case of IDN. Btw, there is a way to store punicode domain cookie using CookieContainer.Add(Uri uri, Cookie cookie) method, where Cookie.Domain field is empty. But WebRequest uses CookieContainer.Add(CookieCollection cookies) method which fails for IDN. – Wideawake 9/6, 2015 at 12:16

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.