- Insomnia Version: 5.15.0
- Operating System: Windows 10 x64 ver 1709 (build 16299.371)
This all seems to be related so I'm gonna create a single issue.
I have a simple application that requires a cookie (consider it an auth cookie, it's used to block access for random people on public test server). Without this cookie every request returns 401 and HTML with input for password (if correct password is provided then cookie will be set from server).
So while developing new API endpoint I sent an POST request, expecting to get 404 because of no endpoint handler being defined yet. I got 401 and input as a response.
So I get to the Cookie tab. Strange thing - even I had cookies set before (long time ago, I had a break of this project and using Insomnia) - the view looks like it's empty.
I ignored it, opened the Manage Cookies view (the old cookie was still there), added access cookie, sent response again. Got same result again. Tried some stuff with Manage Cookies but it all seems not to work (am I not getting the idea of managing cookies right?). So I just get to the Headers and manually added Cookie header.
How I've got 404 Not Found - just as expected... But preview was still showing that input form from unauthorized request. I thought something must be broken in my application, but after debugging for a while I've noticed everything's all right.
I switched Preview view to Source Code view and I noticed the expected output for 404 page. I switched back to Preview and the expected output was in place of that unexpected input. To me it looks like Preview is incorrecty cached or something.
I have no idea if this will be reproduceable for you. It looks like it's reproduceable for me. Video of the issue: https://dl.dropboxusercontent.com/s/6pzlbqxuxj2mu64/2018-04-22_14-35-58.mp4
Let me know if you need more information.
dzek69
All 6 comments
馃憢 Thanks for opening your first issue! If you're reporting a 馃悶 bug, please make sure
you include steps to reproduce it. If you're requesting a feature 馃巵, please provide real
use cases that would benefit. 馃應
To help make this a smooth process, please be sure you have first read the
contributing guidelines.
![welcome[bot] picture](https://avatars0.githubusercontent.com/in/4141?v=4&s=40)
welcome[bot]
on 22 Apr 2018
am I not getting the idea of managing cookies right?
I think this might be the case. Let me explain:
First, the response cookies tab... This only shows a cookie if the current response sent a Set-Cookie header to the client. If the response did not send a Set-Cookie header the view will be blank.
Next, the cookie manager... This contains the global cookie jar with all the cookies for a given workspace. In your video, the cookie you added didn't have the "domain" property set. This is the reason it's not sending. If you set the domain property to 127.0.0.1 it should work. This is because Insomnia decides what cookies to send based on the properties of each cookie in the jar, exactly like a web browser would.
Let me know if that makes sense.
gschier
on 23 Apr 2018
That makes sense, at least partially. Having empty view does make sense. But Cookie Manager should be somewhere in the left pane I think. This is where I define what to send.
And about the domain part. Well. If I do not set a domain on the server when sending the response - browser will automatically match the cookie to a domain and probably all subdomains (I'm not even sure). Sending the domain is for controlling sending the cookie to subdomains. I obviously can't set a cookie for totally different domain. I think it should be expected for Insomnia to do the same. No domain - then I simply want cookie to be sent always.
If you think my thinking is wrong - it would be nice to have a link to documentation that explains current idea of Cookie Manager domains handling somewhere inside Cookie Manager, as I think more people may get confused with that.
dzek69
on 23 Apr 2018
Correct. In the browser, if the server does not specify a domain, the browser will save the cookie using the domain it was received from. Insomnia will do this as well, for cookies received by the server. For cookies created manually, though, it cannot assume which domain you want so you need to specify it explicitly. _(Maybe Insomnia should default the domain field to the domain of the currently-active request?)_
then I simply want cookie to be sent always.
Keep in mind that there may be requests with different domains within the workspace. If Insomnia were to support "domainless" cookies, it would possibly send cookies to the wrong place by accident. Again, this is also how web browsers work. If you were to manually add a domainless cookie to your web browser (not sure it's even possible), it would never be sent.
gschier
on 23 Apr 2018
it would be nice to have a link to documentation
Totally agree. There aren't really any docs on how cookies currently work but there definitely should be 馃憤 馃槂
gschier
on 23 Apr 2018
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 22 Jun 2018
Related issues
claratorres
路
3Comments
chrisvis
路
4Comments
artoodeeto
路
4Comments
paulleduc
路
4Comments
meixger
路
3Comments
Most helpful comment
I think this might be the case. Let me explain:
First, the response cookies tab... This only shows a cookie if the current response sent a
Set-Cookieheader to the client. If the response did not send aSet-Cookieheader the view will be blank.Next, the cookie manager... This contains the global cookie jar with all the cookies for a given workspace. In your video, the cookie you added didn't have the "domain" property set. This is the reason it's not sending. If you set the domain property to
127.0.0.1it should work. This is because Insomnia decides what cookies to send based on the properties of each cookie in the jar, exactly like a web browser would.Let me know if that makes sense.