Ocelot: Investigate - Cookies are not thread safe when using CookieContainer

Created on 14 Mar 2018  Â·  9Comments  Â·  Source: ThreeMammals/Ocelot

I have found a Bug about cookie in Ocelot ; let me describe it : I have two pc,both of them will request the ocelot which deployed in cloud server and both of them are in the same LAN ; then the website behind the ocelot will get the cookie2 from pc1's request; in fact the cookie2 belongs to pc2; how can i sove this problem?

question

Most helpful comment

I'm sorry ,I add a config of ocelot and solved this problem.UseCookieContainer:false ; Force the httpclient not to use cookie; if you have free time ,can you explain why the httpclient request downstream with setting "UseCookies false" can bring my upstream request's cookie to my webapi

All 9 comments

Could you please produce more information about the repro steps, I mean the process of operation to trigger this issue?

PC1 request Server set-cookie "guid":xxxx0001; PC2 request Server set-cookie "guid":xxxx0002; then PC1request server and bring with "guid":xxxx0001 to server ;PC2 PC1request server and bring with "guid":xxxx0002 to server; i Capture the request bag and find that it's write ; But when i debug in websit behind the ocelot and find that pc1'request has "guid":xxxx0002

@jiekexinduo thanks for your interest in the project! Can you paste your configuration.json here and I will try and replicate the problem!

@Anduin2017 thanks for helping out :)

thanks for reply.I remove the ocelot and use the front web request my web api directly and it's right; so i doubt that maybe the ocelot do some otherthing caused this result. today i continue debug my code and i found a strange thing: when i use Request.Headers.GetCookies(“guid”) it had two guid key ,one of them belonged to PC2; and the other is my needs; and I used the HttpContext.Current.Request.Cookies["guid"].Value to get the cookie value; and this code always get the error guid when i request webapi through the ocelot;

{

"ReRoutes": [
{
"DownstreamPathTemplate": "/sso/{everything}",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 8080
}
],
"UpstreamPathTemplate": "/sso/{everything}",
"UpstreamHttpMethod": [ "Post", "Get", "OPTIONS" ],
"ReRouteIsCaseSensitive": false
}
],
"GlobalConfiguration": {
"BaseUrl": "http://localhost:5000"
}
}

I'm sorry ,I add a config of ocelot and solved this problem.UseCookieContainer:false ; Force the httpclient not to use cookie; if you have free time ,can you explain why the httpclient request downstream with setting "UseCookies false" can bring my upstream request's cookie to my webapi

@jiekexinduo I think this is a bug I will look into it more. Ocelot caches HttpClient instances and the cookie container is also cached as part of this. When you make your request this is what causes the issue.

When you don’t use th cookie container it doesn’t matter that it caches!

Will leave issue open until I can look at this to remind me!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Marusyk picture Marusyk  Â·  3Comments

jefferson picture jefferson  Â·  3Comments

yangzhongke picture yangzhongke  Â·  6Comments

dmitriifilonenko picture dmitriifilonenko  Â·  5Comments

TomPallister picture TomPallister  Â·  4Comments