IosHttpURLConnection. During redirection, if intermediate cookies have expired, the next request still has this cookie

[kluverua]

If cookie expiries while redirecting(Set-Cookie: cook=1 Expires=1999), it still present on next redirected request.
Android successfully copes with this, but unfortunately the implementation for IOS does not.

I think problem in this code:
/jre_emul/Classes/com/google/j2objc/net/IosHttpURLConnection.java:794
It cannot determine that a cookie similar to this "sessionid=22; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly"
shoul be removed.

To test this problem here is a test service with GET method https://damp-dawn-68572.herokuapp.com/myapp
It checks cookies and if it contains "sessionid=22" expires that cookie and redirects to itself

Server Node.js source code:

app.get('/myapp', (req, res) => {
	cookie = req.headers.cookie || "";
	if (cookie.indexOf("sessionid=22") >= 0) {
		res.cookie('sessionid', 22, { expires: new Date(0), httpOnly: true });
		return res.redirect('/myapp');
	} else {
		return res.send('Request cookies: ' + cookie.split('; '));
	}
});

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

try {
	CookieManager cookieManager = new CookieManager(null, CookiePolicy.ACCEPT_ALL);
	CookieHandler.setDefault(cookieManager);
	CookieHandler cookieHandler = CookieHandler.getDefault();
	cookieHandler.put(new URI("https://damp-dawn-68572.herokuapp.com"), new HashMap<String, List<String>>() {{
		put("Set-Cookie", Arrays.asList("sessionid=22", "name=1"));
	}});
	HttpURLConnection connection = (HttpURLConnection) new URL("https://damp-dawn-68572.herokuapp.com/myapp").openConnection();
	connection.getResponseCode();
	BufferedReader br = new BufferedReader(new InputStreamReader(connection.getInputStream()));
	StringBuilder sb = new StringBuilder();
	String output;
	while ((output = br.readLine()) != null) {
		sb.append(output);
	}
//Expect here 'Request cookies: name=1'
	System.out.println("!@# body " + sb.toString());
	connection.disconnect();
} catch (Exception e) {
//Error here on iOS: Error Domain=NSURLErrorDomain Code=-1007 "too many HTTP redirects" 
	System.out.println("!@# error " + e.getMessage());
	e.printStackTrace();
}
CookieHandler cookieHandler = (CookieHandler)CookieHandler.getDefault();
Map<String, List<String>> s = cookieHandler.get(new URI("https://damp-dawn-68572.herokuapp.com"), new HashMap());
List<String> cc = s.get("Cookie");
if (cc == null) {
	System.out.println("!@# Cookie store empty");
} else {
	System.out.println("!@# Cookie store contains:");
	for (String c : cc) {
//Expect here only 'name=1'
		System.out.println("!@# -- " + c);   
	}
}

[tomball]

Thanks for the clear explanation, along with the test server example. We won't be able to include the Node.js code in a regression test, but it will be used independently to fix this, and hopefully can be reworked as a MockWebServer config.

[StasKalishenko]

@tomball Do you have any update?

[tomball]

No, I've been stretched really thin the past few months.

Would anyone want to try fixing this and submitting a pull request? If I remember correctly, the cookie support is 100% Java, so one doesn't need to be an iOS expert to investigate it. There's an IntelliJ project, jre_emul/jre_emul.iml that makes working on the Java side relatively easy. A Mac is still necessary to build, of course.