Bug 11652 - System.Net.CookieException: Invalid cookie domain is thrown if cookie does not have explicit domain
Summary: System.Net.CookieException: Invalid cookie domain is thrown if cookie does no...
Status: NEEDINFO
Alias: None
Product: Class Libraries
Classification: Mono
Component: System (show other bugs)
Version: 2.10.x
Hardware: All All
: --- normal
Target Milestone: Untriaged
Assignee: Martin Baulig
URL:
Depends on:
Blocks:
 
Reported: 2013-04-08 11:40 UTC by Ben
Modified: 2016-11-11 09:50 UTC (History)
12 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Ben 2013-04-08 11:40:23 UTC
I have an issue with
System.Net.CookieException: Invalid cookie domain
Using Mono 2.10.12 (mono-2-10/c9b270d)

I create HttWebRequest with AllowAutoRedirect=true (default value), the server responses with
302 and redirects to another subdomain which sets cookie. So original request
goes to domainA.company.com which redirects to domainB.company.com and cookies
have domain domainB.company.com

The code works fine on desktop .NET but mono throws System.Net.CookieException:
Invalid cookie domain.
Comment 1 Ben 2013-04-09 11:51:43 UTC
Turns out fails even without the redirect.
The cookies server responds with are:
Set-Cookie: MSPRequ=lt=1365519346&co=1&id=500046; path=/;version=1
Set-Cookie: MSPOK=$uuid-62c1e481-e5ba-4704-a392-1f49362250ed; path=/;version=1

This is where it fails System.Net.CookieContainer.cs

		void AddCookie (Cookie cookie)
		{

			if ((cookie.Version == 1) && (cookie.Domain[0] != '.'))
				throw new CookieException ("Invalid cookie domain: " + cookie.Domain);

			if (cookie.HasDomain && !CheckPublicRoots (cookie.Domain))
				throw new CookieException ("Invalid cookie domain: " + cookie.Domain);

Any suggestions?
Comment 2 Ben 2013-04-09 12:00:56 UTC
Suggested fix is
if ((cookie.Version == 1) && cookie.HasDomain && (cookie.Domain[0] != '.'))
				throw new CookieException ("Invalid cookie domain: " + cookie.Domain);
Comment 3 Ben 2013-08-04 10:34:54 UTC
here is the code:
var request = (HttpWebRequest)WebRequest.Create(uri);
request.CookieContainer = new System.Net.CookieContainer();
request.Method = "GET";
request.UseDefaultCredentials = true;
request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";

        try
        {
           var response = request.GetResponse();
        }
        catch (WebException ex)
        {  // CookieException here }
this is HTTP traffic:

GET https://login.microsoftonline.com/login.srf?wa=wsignin1%2E0&rpsnv=2&ct=1375625757&rver=6%2E1%2E6206%2E0&wp=MBI&wreply=https%3A%2F%2Fhdrcloud%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&lc=1033&id=500046&guests=1 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: login.microsoftonline.com

server reply,
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 20412
Content-Type: text/html; charset=utf-8
Expires: Sun, 04 Aug 2013 14:15:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1375625760&co=1&id=500046; path=/;version=1
Set-Cookie: MSPOK=$uuid-a5bdc46a-9263-4c25-a579-086ebe400b7b; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: CO1IDOLGN54 V: 0
Date: Sun, 04 Aug 2013 14:15:59 GMT
Connection: close

here is exception occurring only in mono

ex {System.Net.WebException: Invalid cookie domain: login.microsoftonline.com ---> System.Net.CookieException: Invalid cookie domain: login.microsoftonline.com at System.Net.CookieContainer.AddCookie (System.Net.Cookie cookie) [0x00000] in :0 at System.Net.CookieContainer.Add (System.Uri uri, System.Net.Cookie cookie) [0x00000] in :0 at System.Net.HttpWebResponse.SetCookie (System.String header) [0x00000] in :0 at System.Net.HttpWebResponse.FillCookies () [0x00000] in :0 at System.Net.HttpWebResponse..ctor (System.Uri uri, System.String method, System.Net.WebConnectionData data, System.Net.CookieContainer container) [0x00000] in :0 at (wrapper remoting-invoke-with-check) System.Net.HttpWebResponse:.ctor (System.Uri,string,System.Net.WebConnectionData,System.Net.CookieContainer) at System.Net.HttpWebRequest.SetResponseData (System.Net.WebConnectionData data) [0x00000] in :0 --- End of inner exception stack trace ---
Comment 4 aao 2013-08-16 22:39:32 UTC
The problem is the version . All cookies without version work fine. I removed version and my code started to work. I was manually setting cookie header in the previous version, never noticed it, this version xamarin team disabled that functionality for some reason, the only way to set the cookies is through that annoying collection.
Comment 5 Aaron Robertson-Hodder 2013-10-16 20:25:21 UTC
This has become a major issue for us at this point because it seems there has been a change in the cookie that is issue by SharePoint online (Office 365). This cookie now have a version of 1 and a domain of login.microsoftonline.com as Ben says above. Unless I am very much mistaken there is no way to work around this and therefore all authentication to SharePoint Online is now broken for Mono. 

While I understand that this cookie now violates the RFC in this regard, the fundamental purpose of Mono is to replicate the .Net Framework not to adhere to standards.

This issue is very critical to our business at this point and if there is anything that can be done we would really appreciate it. 

Thanks,

Aaron.
Comment 6 Ben 2013-10-23 16:11:41 UTC
This is fun how guys are selling commercial product and refuse to address a bug reported more than 6 months ago.
Comment 8 Adam Lepley 2014-01-28 09:26:57 UTC
I am having this same issue connecting to a cloud platform (Service-Now) using their auto generated REST API's. Same code works perfectly in a normal command line .NET 4.5 app. I verified and I am receiving cookies with version=1, but I don't have control over this. Hopefully this gets addressed soon. Data exchanges with our cloud platform is obviously critical functionally and our project is now at a standstill. I wish I would have discovered this before purchasing Xamarin.
Comment 10 Rodja Trappe 2014-07-20 09:05:06 UTC
It's really painful to see this bug still exists. I've worked around the issue by doing all the cookie handling myself:

...
# getting cookies from a request object
var response = (HttpWebResponse) request.GetResponse();
var cookieHeader = response.Headers["Set-Cookie"]
...

# adding cookies to new requests or in this example a WebClient
using (var client = new WebClient()) {
    client.Headers[HttpRequestHeader.ContentType] = "application/json";
    headers.Add("Cookie", cookieHeader);
    var response = client.DownloadString.... or similar stuff
}


What a mess.
Comment 11 Martin Baulig 2016-11-11 09:50:36 UTC
Does this problem still exist?

Note You need to log in before you can comment on or make changes to this bug.