Don't expire cookie with later setting in the same headers

httpie · Jun 26, 2024 · 5753882 · 5753882
1 parent 5c068f8
commit 5753882
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/httpie/utils.py b/httpie/utils.py
@@ -167,11 +167,14 @@ def is_expired(expires: Optional[float]) -> bool:
         split_cookies(cookies)
     )
 
-    cookies = [
+    # Use a dict to keep only the last value for each cookie, so that an early
+    # expiration doesn't prevent a later setting in the same headers.
+    cookies = {
         # The first attr name is the cookie name.
-        dict(attrs[1:], name=attrs[0][0])
+        attrs[0][0]: dict(attrs[1:], name=attrs[0][0])
         for attrs in attr_sets
-    ]
+    }
+    cookies = list(cookies.values())
 
     _max_age_to_expires(cookies=cookies, now=now)
 

diff --git a/tests/test_sessions.py b/tests/test_sessions.py
@@ -437,6 +437,15 @@ def test_get_expired_cookies_using_max_age(self):
                 datetime(2020, 6, 11).timestamp(),
                 []
             ),
+            (
+                # Don't expire cookie with later setting.
+                (
+                    'session=; Path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT; secure; HttpOnly, '
+                    'session=bar; Path=/; secure; HttpOnly'
+                ),
+                None,
+                []
+            )
         ]
     )
     def test_get_expired_cookies_manages_multiple_cookie_headers(self, cookies, now, expected_expired):