Session cookie with indy

Question

I must browse a certain site that keeps a session id with indy's idhttp .

i use the following code to initalize the components i need.

procedure InitSession;
begin
  Initalized := True;
  try
  ihttp := TIdHTTP.Create(nil); //the variables are declared globally
  idCookie := TIdCookieManager.Create(nil);
  ihttp.ConnectTimeout := 5000;
  ihttp.AllowCookies := true;
  ihttp.HandleRedirects := true;
  ihttp.CookieManager := idCookie;
  except
  Initalized := False;
  end;
end;

The problem is when i am making a request the cookie isn't sent. What do i need to do in order to send the cookie witch contains the session id. Thanks

Answer 1

Is there a problem with cookies that do not have a DOMAIN property? The IdCookie that comes with DXE2 fails to parse cookies that do NOT have a MAX-AGE property, DO have an EXPIRES property, and do NOT have a DOMAIN property. See IdCookie.pas 675 for where S seems to have an unexpected value (left over from parsing the expires property).

Answer 2

If a cookie is not being sent back in new requests, then either TIdCookieManager rejected the cookie when it was received, or is not matching the accepted cookie to the new requests. Can you show the actual Set-Cookie response header(s) that are sending cookies, and the URL(s) you think cookie(s) are not being sent back to correctly? Did you verify that after receiving a cookie, it actually ends up in TIdCookieManager before sending a new request?

Which version of Indy are you using? Prior to 2011, earlier releases of Indy 10 did have broken cookie handling that was basically unusable. But in early 2011, IdCookieManager.pas and IdCookie.pas were complete re-written from scratch, and since May 2011 onwards have been working properly and I have not seen any new reports of cookie mishandling.