cookie removal and Microsoft Edge
HaHa421 opened this issue · comments
Rocket Version
0.5.0
Operating System
windows 10/11
Rust Toolchain Version
rustc 1.76
What happened?
using Edge, removing a cookie sets its expiration date not in the past but far in the future : here I get Sunday, September 20, 5838270
I tested the site using Brave, Firefox end Chrome : the cookie is cleared as expected
Test Case
//
Log Output
//
Additional Context
No response
System Checks
- My bug report relates to functionality.
- I have tested against the latest Rocket release or a recent git commit.
- I have tested against the latest stable
rustc
toolchain. - I was unable to find this issue previously reported.
Please provide a test case and a screenshot of the browser as well as the exact version of the browser.
Browser : Microsoft Edge
Version 121.0.2277.112 (Official build) (64-bit)
here is the cookie after "removal" , content is erased but this remains
Name
test_cookie
Content
Domain
Path
/
Send for
Same-site connections only
Created
Friday, February 16, 2024 at 12:28:14 AM
Expires
Sunday, September 20, 5838270 at 12:09:20 AM
the code is pruned from other routes :
use rocket::*;
use rocket::http::{Cookie,CookieJar};
#[get("/set_cookie")]
async fn set_cookie(cookies: &CookieJar<'_>,) {
cookies.add(Cookie::new("test_cookie", "val"));
}
#[get("/remove_cookie")]
async fn remove_cookie(cookies: &CookieJar<'_>) {
cookies.remove("test_cookie");
}
#[tokio::main]
async fn main() -> Result<(), Error> {
let _ = rocket::build()
.mount("/", routes![set_cookie,remove_cookie])
.launch()
.await?;
Ok(())
}
I'm sorry, but you're going to need to provide clearer information about what's going on. I have tried to reproduce the issue you're describing without success. On both macOS and Windows, Edge successfully clears the cookie.
Here's what I need from you:
- A console log of Rocket with your reproduction showing incoming and outgoing requests where the issue occurs with debug logging enabled. This was requested in the issue template but was ignored.
- A screenshot of the developer tools in your Edge browser that shows the information you're describing here. When a cookie is deleted, both
max-age
andExpires
are set. I need to see what the browser is receiving, exactly. Ideally, this is two things: the response headers and the cookie information.
Please also format your responses with markdown so that they're easier to read.
Please do not ignore issue templates in the future. They are designed so that this back-and-forth is avoided as much as possible. When you ignore the issue template, you increase workload on maintainers unnecessarily.
rocket log writes as expected:
sending response: Response {
status: 200,
version: HTTP/1.1,
headers: {
"set-cookie": "test_cookie=; SameSite=Lax; Path=/; Max-Age=0; Expires=Thu, 16 Feb 2023 01:41:49 GMT",
"server": "Rocket",
"x-content-type-options": "nosniff",
"x-frame-options": "SAMEORIGIN",
"permissions-policy": "interest-cohort=()",
"content-length": "0",
},
body: Body(
Streaming,
),
}
and I get only this warning in Edge developer tools console:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
Edge keeps setting the cookie expiration date at : Sunday, September 20, 5838270 at 12:09:20 AM
I get the same behavior from Edge on a linux machine
Please post the following:
I need to see what the browser is receiving, exactly. Ideally, this is two things: the response headers and the cookie information.
This can be found in the developer tools.
Also, is your clock set correctly?
When an inspect cookies in the Application tab of developer tools, the cookie doesn't show after removal which is good
I added the route
#[get("/check_cookie")]
async fn check_cookie(cookies: &CookieJar<'_>)->String {
match cookies.get("test_cookie") {
Some(_)=>String::from("Cookie found"),
_=>String::from("Cookie not found"),
}
}
and everything is ok
Meanwhile the cookie still shows up in "View Site Information --> Cookies" ,which might be annoying from a user perspective.
anyway , this seems to be related to Edge implementation so I suppose we can close the issue