retrieve cookies after redirect

Question

class ...
self.response.headers.add_header('Set-Cookie','user_id = %s'% id_and_hash)
        self.redirect("/app/login")

class ThanksHandler(webapp2.RequestHandler):
    def get(self):
        if 'user_id' in self.request.cookies:
            self.response.out.write('user_id')
        else:
            self.response.out.write("wrong") // what i am getting

and i have this cookie (I saw in a manager of cookies)

name: user_id
content: 30|a9bdc98e952c0e787aaf0e5466809eea71635d38446d30a9f71f2d15e99fa701

well, basically the problem is that i can't retrieve the cookie that has been initialized. Any reason for that?

Answer 1

When setting the cookie directly using the "Set-Cookie" HTTP-header you have to also take care of the cookie-attributes (depending on how you want to use the cookie).

In this case you set the cookie for example in the path /app/auth and then redirect to /app/login. If you don't explicit specify the cookie-path the browser assumes /app/auth and therefore the cookie is not sent when requesting /app/login. This behaviour is specified in the RFC 6265 (this is more recent than the one I cited in my comment but now the exact algorithm is included in section 5.1.4).

To set the path (or any other cookie-attribute) you can append a list of semicolon-delimited name=value pairs. In this case you want to set the path to / (it could be something different like /app):

self.response.headers.add_header('Set-Cookie','user_id=%s; Path=/'% id_and_hash)

Of course most libraries/frameworks already provide a wrapper for the "Set-Cookie" header. In the case of "webapp2" you can set the cookie with response.set_cookie:

self.response.set_cookie('user_id', id_and_hash)

It's automatically setting the path to / so you don't have to worry about it (it does escape the values properly too).