From 5753882d7638670b0765e5cb79fcb176afd51a0d Mon Sep 17 00:00:00 2001
From: Aron Griffis <aron@scampersand.com>
Date: Wed, 26 Jun 2024 11:50:27 -0400
Subject: [PATCH] Don't expire cookie with later setting in the same headers

---
 httpie/utils.py        | 9 ++++++---
 tests/test_sessions.py | 9 +++++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/httpie/utils.py b/httpie/utils.py
index 4735b2be5d..5ffeb971b7 100644
--- a/httpie/utils.py
+++ b/httpie/utils.py
@@ -167,11 +167,14 @@ def is_expired(expires: Optional[float]) -> bool:
         split_cookies(cookies)
     )
 
-    cookies = [
+    # Use a dict to keep only the last value for each cookie, so that an early
+    # expiration doesn't prevent a later setting in the same headers.
+    cookies = {
         # The first attr name is the cookie name.
-        dict(attrs[1:], name=attrs[0][0])
+        attrs[0][0]: dict(attrs[1:], name=attrs[0][0])
         for attrs in attr_sets
-    ]
+    }
+    cookies = list(cookies.values())
 
     _max_age_to_expires(cookies=cookies, now=now)
 
diff --git a/tests/test_sessions.py b/tests/test_sessions.py
index aa5243487d..bffe61cb69 100644
--- a/tests/test_sessions.py
+++ b/tests/test_sessions.py
@@ -437,6 +437,15 @@ def test_get_expired_cookies_using_max_age(self):
                 datetime(2020, 6, 11).timestamp(),
                 []
             ),
+            (
+                # Don't expire cookie with later setting.
+                (
+                    'session=; Path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT; secure; HttpOnly, '
+                    'session=bar; Path=/; secure; HttpOnly'
+                ),
+                None,
+                []
+            )
         ]
     )
     def test_get_expired_cookies_manages_multiple_cookie_headers(self, cookies, now, expected_expired):