Framework: It's impossible to queue cookies with the same name

Created on 23 May 2019 · 5Comments · Source: laravel/framework

Laravel Version: 5.7 to 5.8
PHP Version: 7.2.18
Database Driver & Version: MySQL 5.7.26

Description:

I found that it's impossible to queue two or more cookies with the same name but a different path, as the CookieJar itself maintains a queue against the associative array, which obviously will merge any element that has the same name.

Currently, I experienced this bug on Laravel 5.7 but it still in 5.8, since the implement of CookieJar is the same.

Steps To Reproduce:

Create a new Laravel project from scratch;
Edit routes/web.php and fill with code below:

```
Route::get('/', function () {

$response = response('Laravel 5.8 / (<a href="subpath">subpath</a>)');

Cookie::queue(Cookie::make(
    'mycookie',
    'value',
    0,
    '/'
));

Cookie::queue(Cookie::make(
    'mycookie',
    'value',
    0,
    '/subpath'
));

foreach (Cookie::getQueuedCookies() as $cookie) {
    $response->cookie($cookie);
}

return $response;

});

Route::get('subpath', function () {
return 'subpath';
});


3. Serve this project. In this case, I ran with  `php artisan serve` with its default setting at http://127.0.0.1:8000. Access the root of the url. Laravel returns a response with headers as below:

```HTTP
HTTP/1.1 200 OK
Host: 127.0.0.1:8000
Date: Wed, 29 May 2019 18:51:03 GMT
Connection: close
X-Powered-By: PHP/7.2.18
Cache-Control: no-cache, private
Date: Wed, 29 May 2019 18:51:03 GMT
Content-Type: text/html; charset=UTF-8
Set-Cookie: mycookie=eyJpdiI6IldHUXJ5VDdZbFM5djJzWEtabWl6dnc9PSIsInZhbHVlIjoic1BMc2U1SDc2cTZOelc4Qlwvc1I4eVE9PSIsIm1hYyI6Ijc3NGU1NWZjMDljZWU2NGI1OGZiN2Q2NzZmYzMyYjdiYWJhZWM5OGVlYTBlZjg0NjNmYTg0ZTVkM2ViMjIwYWEifQ%3D%3D; path=/subpath; httponly
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjFmMWVVWnl1OFA3c01VNTVOR3l5d1E9PSIsInZhbHVlIjoiUG5mU0dkUnA3Zkw5eDhpUWFsREFUZW9YSlRLY1o1aWJlYUNsWXM4U01PSldHXC9cL0RlR3lZK0ZDVkQrY0F0MVh6IiwibWFjIjoiMmRlZGZkMTg5ZDE0MmYxZDM5ZWEwM2Y4ODEyYmY5N2NjMWFjYjZmZDdjNzIyMzQxOGU1M2MyZGQxZDczNTBmMiJ9; expires=Wed, 29-May-2019 20:51:03 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6ImRLdVpmdnc4QlF5bjNvNVFnUTEzb3c9PSIsInZhbHVlIjoiVEhVbzd3VmdaZk0zTUNzbFdQY0p5bHl1RHlYelRibmhjSGJoZ1FsdTF1SU44T05jNUxuUEcxdXdqN0l2NzNUTCIsIm1hYyI6IjVlNjQ4ZDJiZTg2MmIwYjVmMmI5ODllOWZhZTQ4MmUzMWZiNjIwYTAzY2U3ZDFmODIzZTAwYTQ3ZWRiNWRjYzMifQ%3D%3D; expires=Wed, 29-May-2019 20:51:03 GMT; Max-Age=7200; path=/; httponly

The problem produced. I set two cookies in the code at 2nd step but got only the last one.

bug

Source

hienning

Most helpful comment

A possible fix for this could be a nested array with the cookie paths as keys for the underlying array.
For the methods like queued, unqueue hasQueued we could use an optional parameter path to be backwards compatible. Without the optional parameter, the methods will return the latest added cookie with the given name.
For the getQueuedCookies method, we could also use an optional parameter to return all cookies with the different paths and without the parameter, the method returns the queued array with only one cookie per name and the name as array keys, as it does now.
I would like to create a PR but I'm not sure if this would be a bugfix, because it doesn't look like this was intended in the past.