Cookie not evicted when following redirects

[pankgeorg]

• Julia 1.7.1
• HTTP.jl 0.9.17
• MbedTLS.jl 1.0.3

https://httpwg.org/specs/rfc6265.html#sane-set-cookie-semantics

If the user agent receives a new cookie with the same cookie-name, domain-value, and path-value as a cookie that it has already stored, the existing cookie is evicted and replaced with the new cookie. Notice that servers can delete cookies by sending the user agent a new cookie with an Expires attribute with a value in the past.

Assume a cookie is set in a cookie jar with

[200] Set-Cookie: session=alD|165|Sm4; Expires=Tue, 14 Jun 2022 18:58:28 GMT; Max-Age=604800; Domain=example.dev; Path=/; SameSite=Lax; Secure; HttpOnly

If a request is done as follows: HTTP.request(; redirect=true, cookiejar=cookiejar) and the first response is a 302 with a Set-Cookie like this

[302] Set-Cookie: session=alD|166|rO2; Expires=Tue, 14 Jun 2022 18:58:29 GMT; Max-Age=604800; Domain=example.dev; Path=/; SameSite=Lax; Secure; HttpOnly

Then the second request will be sent with a cookie that includes both cookies, without evicting the first one.

[nxt] Cookie:     session=alD|165|Sm4; session=alD|166|rO2; 

[quinnj]

This should be fixed on master; sorry about the slow release, but there have been a few breaking changes merged and we're getting close to a 1.0 release. If you're able to test it out on the master branch, that'd be great to ensure it is indeed fixed (you can checkout the branch by doing ] add HTTP#master).

[pankgeorg]

This should be fixed on master; sorry about the slow release, but there have been a few breaking changes merged and we're getting close to a 1.0 release. If you're able to test it out on the master branch, that'd be great to ensure it is indeed fixed (you can checkout the branch by doing ] add HTTP#master).

No worries. Indeed it looks fixed on master, thanks!