rest-assured-net: Could it be that large cookies are not displayed in the response?

Hello I had such a problem

I am running a post query: https://site.com/login/Authenticate.bam?email=login@email.com&password=pass

It returns multiple cookies in the response.

Set-Cookie: 
Id=118547; path=/; 
secure, _CSRFCOOKIE=a6ad9354-6c83-9572-9b8a-4e3d71eb8d48; path=/; 
secure, PeriodId=118547; path=/; secure

But it doesn’t return one long cookie. In postman the response will look like this

Id=118547;
_CSRFCOOKIE=a6ad9354-6c83-9572-9b8a-4e3d71eb8d48; 
PeriodId=118547; 
Auth=CE0B9D9E8AC0EDC39F07A852963233EB0848B9334FD64B1761E04EEAFF40E8DE627F521CAA38B5BAC865EE9ED684C307E2CB9B2405A2828F20160051F2146ECBB0C8B27A811E06AD5E77FC24FB5F4D3CD9BEA478BAEF53235EC0EED9BC446D60A343C692458695FA29AE974E8BDC7C7A65258B1C8FA7C57AFB09CF4A4CDE45E58D2B6945CB840EACF1CFA4829B9C48D912A55448CC6DF8B17C3139618039ECC30007B013;

About this issue

Original URL
State: closed
Created a year ago
Comments: 40 (22 by maintainers)

Most upvoted comments

No problem, thank you for the feedback, @workmichsem. Closing this issue.

basdijkstra on Jul 7, 2023

@workmichsem, version 3.0.0 is live: https://www.nuget.org/packages/RestAssured.Net/3.0.0

basdijkstra on Jul 4, 2023

All added. This is what’s logged now (as an example) when you using ResponseLogLevel.All or ResponseLogLevel.Headers:

Cookie: Auth=123, Domain: localhost, HTTP-only: True, Secure: True

All this will be included in the 3.0.0 release which I think will go live today or tomorrow.

Thank you again for your patience, @workmichsem, it took me a while to figure out what you meant but in the end, the library has improved because of it. Thank you so much for your support.

Please test this with the proper 3.0.0 release and close the issue when you think all is OK.

basdijkstra on Jul 4, 2023

Ah that’s great news!

Yes, logging cookies is entirely possible, quite easily even now that this works. What I’ll be adding:

Methods to verify cookie values
Logging cookies as part of Log(ResponseLogLevel.All)
More tests, especially around multi-value cookies

I also want to build something that enables the user to replace the value of a cookie (and a header) with something like ***** when logging, to enable ‘more secure’ logging, but that’s going to be a different story and probably not part of the 3.0.0 release.

Anything else you think I should add? If not I’ll get to work on this. Should not take me too long.

basdijkstra on Jul 4, 2023

So, the only difference between the Auth cookie and the other ones in your example is that it’s HttpOnly, a way to restrict access to cookies.

The problem here is that when I add a cookie in my stub response like this:

this.Server?.Given(Request.Create().WithPath("/response-with-cookies").UsingGet())
                .RespondWith(Response.Create()
                .WithStatusCode(200)
                .WithHeader("Set-Cookie", "Auth=supersecret; HttpOnly")
                .WithHeader("Content-Type", "text/plain"));

and then inspect the CookieCollection of the HttpHandler I use to send the request and print some details about the cookie:

Console.WriteLine($"COOKIES: {this.handler.CookieContainer.Count}");
var cookieEnum = this.handler.CookieContainer.GetCookies(new Uri("http://localhost:9876/response-with-cookies")).GetEnumerator();
cookieEnum.MoveNext();
Cookie cookie = (Cookie)cookieEnum.Current;
Console.WriteLine($"NAME: {cookie!.Name}");
Console.WriteLine($"HTTPONLY: {cookie!.HttpOnly}");

I see this:

COOKIES: 1
NAME: Auth
HTTPONLY: True

so I know I set the cookie to HttpOnly successfully. If I then print the response, I do see the cookie:

Set-Cookie: Auth=supersecret; HttpOnly

I’m out of options here at the moment. Unless I find a way to reproduce or at least have a look at what you see on your end, there’s no way I can address this issue at the moment, @workmichsem.

basdijkstra on Jun 29, 2023

No problem. Thanks, that’s already very helpful. I’ll get to work. Don’t know exactly when but I’ll try and spend some time on this soon.

basdijkstra on Jun 26, 2023