24

I'm using VS2010 +.NET 4.0 + System.Net.Http (from Nuget).

For a reason which I don't manage to understand, the session cookie which I receive in my HttpResponseMessage is not automatically saved in the HttpClient CookieContainer. Here is what my code looks like:

CookieContainer cookies = new CookieContainer();
HttpClientHandler handler = new HttpClientHandler();
handler.CookieContainer = cookies;
HttpClient client = new HttpClient(handler);

Uri site = new Uri("https://www.mywebsite.com");
var response1 = client.SendAsync(new HttpRequestMessage(HttpMethod.Get,site)).Result;

I can see in the response headers that I have the following:

Set-Cookie: JSESSIONID=FC8110E434C2C6DAB78B4E335024A639; Path=/member; Secure

However my cookie container remains empty ...why ?

dtb
  • 213,145
  • 36
  • 401
  • 431
user2038596
  • 535
  • 1
  • 3
  • 14

5 Answers5

19

Use this piece of code to retrieve cookies from response:

/// <summary>
/// Read web cookies
/// </summary>
public static CookieContainer ReadCookies(this HttpResponseMessage response)
{
    var pageUri = response.RequestMessage.RequestUri;

    var cookieContainer = new CookieContainer();
    IEnumerable<string> cookies;
    if (response.Headers.TryGetValues("set-cookie", out cookies))
    {
        foreach (var c in cookies)
        {
            cookieContainer.SetCookies(pageUri, c);
        }
    }

    return cookieContainer;
}
Salar
  • 2,088
  • 21
  • 26
  • 3
    This only sets the first cookie. The `SetCookies(Uri, String)` method should only be called once with all cookie values delimited with commas: https://stackoverflow.com/questions/32956693/cookiecontainer-setcookies-only-sets-the-first-one – Dai May 05 '18 at 08:01
14

I guess the problem is that your cookies are secure. The problem is that, CookieContainer won't send secure cookies back to the server in subsequent HTTP requests. It might be a bug, or maybe it has some reasons behind it.

A workaround is to re-add the cookie to CookieContainer manually. This way, cookie would be sent back in HTTP request header, as no secure would be defined when you send cookies back to the server.

See this article for more information.

Saeed Neamati
  • 35,341
  • 41
  • 136
  • 188
  • 1
    Thanks for the feedback and the link, Saeed ! In my case, I just ended up reconfigure my HttpClientHandler as cookieless (hander.UseCookies = false), so that the session-id cookie just needs to be sent as a URL parameter to the web server) – user2038596 Feb 05 '13 at 08:51
  • 4
    @user2038596 - Secure cookies are only sent over secure channels such as HTTPS. See [RFC6265 §4.1.2.5](http://tools.ietf.org/html/rfc6265#section-4.1.2.5) for details. – Unsigned Aug 23 '13 at 22:28
  • I experienced this problem even though the cookie was not secure, I also ruled out the HttpOnly property causing this behaviour. Adding it back into the collection worked in my case as well. – Shaun Nov 26 '20 at 16:44
1

I had problem with cookies because of case difference in path. I logged in to /mysite/login, and set cookie for mysite, but then redirect to /MySite, and HttpClient suddenly discard all the cookies! When I changed adress to /MySite/login all become ok.

Pavel
  • 2,602
  • 1
  • 27
  • 34
0

Perhaps the problem is that your request Url path is to the root of the web site ("/"), but your Set-Cookie header indicates a Path of "/member".

crikey
  • 11
  • 2
0

Make sure you are automatically decompressing the response:

HttpClientHandler handler = new HttpClientHandler()
{
    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
};

Example:

var cookieContainer = new CookieContainer();
var clientHandler = new HttpClientHandler {
    AllowAutoRedirect = true,
    UseCookies = true,
    CookieContainer = cookieContainer,
    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
};

var httpClient = new HttpClient(clientHandler);

var httpRequest = new HttpRequestMessage(HttpMethod.Get, "https://example.com/");

var response = httpClient.Send(httpRequest);

response.Headers.TryGetValues("set-cookie", out var cookies);

string test = (new StreamReader(response.Content.ReadAsStream()).ReadToEnd());

Edit

This also populates my cookieContainer automatically. On both a httpClient.GetAsync("https://example.com/") or SendAsync(httpRequest)

Nathan Goings
  • 1,145
  • 1
  • 15
  • 33