Login/Register
HttpClient not storing cookies in CookieContainer
Asked Answered
Solved c#cookieshttpclient
B

5

24

I'm using VS2010 +.NET 4.0 + System.Net.Http (from Nuget).

For a reason which I don't manage to understand, the session cookie which I receive in my HttpResponseMessage is not automatically saved in the HttpClient CookieContainer. Here is what my code looks like:

CookieContainer cookies = new CookieContainer();
HttpClientHandler handler = new HttpClientHandler();
handler.CookieContainer = cookies;
HttpClient client = new HttpClient(handler);

Uri site = new Uri("https://www.mywebsite.com");
var response1 = client.SendAsync(new HttpRequestMessage(HttpMethod.Get,site)).Result;

I can see in the response headers that I have the following:

Set-Cookie: JSESSIONID=FC8110E434C2C6DAB78B4E335024A639; Path=/member; Secure

However my cookie container remains empty ...why ?

Burgrave answered 4/2, 2013 at 5:57 Comment(0)
M
14

I guess the problem is that your cookies are secure. The problem is that, CookieContainer won't send secure cookies back to the server in subsequent HTTP requests. It might be a bug, or maybe it has some reasons behind it.

A workaround is to re-add the cookie to CookieContainer manually. This way, cookie would be sent back in HTTP request header, as no secure would be defined when you send cookies back to the server.

See this article for more information.

Mc answered 4/2, 2013 at 6:8 Comment(3)
Thanks for the feedback and the link, Saeed ! In my case, I just ended up reconfigure my HttpClientHandler as cookieless (hander.UseCookies = false), so that the session-id cookie just needs to be sent as a URL parameter to the web server)Burgrave
@Burgrave - Secure cookies are only sent over secure channels such as HTTPS. See RFC6265 §4.1.2.5 for details.Oblast
I experienced this problem even though the cookie was not secure, I also ruled out the HttpOnly property causing this behaviour. Adding it back into the collection worked in my case as well.Harbin
L
19

Use this piece of code to retrieve cookies from response:

/// <summary>
/// Read web cookies
/// </summary>
public static CookieContainer ReadCookies(this HttpResponseMessage response)
{
    var pageUri = response.RequestMessage.RequestUri;

    var cookieContainer = new CookieContainer();
    IEnumerable<string> cookies;
    if (response.Headers.TryGetValues("set-cookie", out cookies))
    {
        foreach (var c in cookies)
        {
            cookieContainer.SetCookies(pageUri, c);
        }
    }

    return cookieContainer;
}
Leveroni answered 3/8, 2014 at 19:1 Comment(1)
This only sets the first cookie. The SetCookies(Uri, String) method should only be called once with all cookie values delimited with commas: #32957193Acquittal
M
14

I guess the problem is that your cookies are secure. The problem is that, CookieContainer won't send secure cookies back to the server in subsequent HTTP requests. It might be a bug, or maybe it has some reasons behind it.

A workaround is to re-add the cookie to CookieContainer manually. This way, cookie would be sent back in HTTP request header, as no secure would be defined when you send cookies back to the server.

See this article for more information.

Mc answered 4/2, 2013 at 6:8 Comment(3)
Thanks for the feedback and the link, Saeed ! In my case, I just ended up reconfigure my HttpClientHandler as cookieless (hander.UseCookies = false), so that the session-id cookie just needs to be sent as a URL parameter to the web server)Burgrave
@Burgrave - Secure cookies are only sent over secure channels such as HTTPS. See RFC6265 §4.1.2.5 for details.Oblast
I experienced this problem even though the cookie was not secure, I also ruled out the HttpOnly property causing this behaviour. Adding it back into the collection worked in my case as well.Harbin
M
1

I had problem with cookies because of case difference in path. I logged in to /mysite/login, and set cookie for mysite, but then redirect to /MySite, and HttpClient suddenly discard all the cookies! When I changed adress to /MySite/login all become ok.

Mcclenon answered 11/1, 2022 at 12:45 Comment(0)
J
0

Perhaps the problem is that your request Url path is to the root of the web site ("/"), but your Set-Cookie header indicates a Path of "/member".

Jenniejennifer answered 18/9, 2018 at 18:4 Comment(0)
I
0

Make sure you are automatically decompressing the response:

HttpClientHandler handler = new HttpClientHandler()
{
    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
};

Example:

var cookieContainer = new CookieContainer();
var clientHandler = new HttpClientHandler {
    AllowAutoRedirect = true,
    UseCookies = true,
    CookieContainer = cookieContainer,
    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
};

var httpClient = new HttpClient(clientHandler);

var httpRequest = new HttpRequestMessage(HttpMethod.Get, "https://example.com/");

var response = httpClient.Send(httpRequest);

response.Headers.TryGetValues("set-cookie", out var cookies);

string test = (new StreamReader(response.Content.ReadAsStream()).ReadToEnd());

Edit

This also populates my cookieContainer automatically. On both a httpClient.GetAsync("https://example.com/") or SendAsync(httpRequest)

Independency answered 10/12, 2022 at 5:18 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.