HttpWebRequest Cookie weirdness

Question

I'm sure I must be doing something wrong. But can't for the life of me figure out what is going on.

I have a problem where it seems that the HttpWebRequest class in the framework is not correctly parsing the cookies from a web response.

I'm using Fiddler to see what is going on and after making a request, the headers of the response look as such:

HTTP/1.1 200 Ok
Connection: close
Date: Wed, 14 Jan 2009 18:20:31 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Set-Cookie: user=v.5,0,EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O001000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/
Set-Cookie: minfo=v.4,EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: accttype=v.2,3,1,EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89$98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: linfo=v.4,EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: group=v.1,0; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Content-Type: text/html

But when I look at the response.Cookies, I see far more cookies that I am expecting, with values of different cookies being split up into different cookies.

Manually getting the headers seems to result in more wierdness

eg: the code

foreach(string cookie in response.Headers.GetValues("Set-Cookie"))
{
    Console.WriteLine("Cookie found: " + cookie);
}

produces the output:

Cookie found: user=v.5
Cookie found: 0
Cookie found: EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O00
1000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/
Cookie found: minfo=v.4
Cookie found: EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0
F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$
D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: accttype=v.2
Cookie found: 3
Cookie found: 1
Cookie found: EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89
$98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: tpid=v.1
Cookie found: 20001; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: linfo=v.4
Cookie found: EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: group=v.1
Cookie found: 0; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/

as you can see - the first cookie in the list raw response:

1. Set-Cookie: user=v.5,0,EX01E508801

is getting split into:

1. Cookie found: user=v.5
2. Cookie found: 0
3. Cookie found: EX01E508801E$..........

So - what's going on here?

• Am I wrong?
• Is the HttpWebRequest class incorrectly parsing the http headers?
• Is the webserver that it spitting out the requests producing invalid http headers?

Answer 1

Commas in cookie values are to be avoided - you may need to encode them differently.

The original netscape spec for cookies was a little vague on this issue, stating

NAME=VALUE : This string is a sequence of characters excluding semi-colon, comma and white space. If there is a need to place such data in the name or value, some encoding method such as URL style %XX encoding is recommended, though no encoding is defined or required.

recommended, but not required!

Answer 2

It seems that the server sends incorrect cookie values. IMHO commas are not allowed in cookie values. They need to be encoded with %2C.

Answer 3

you may want to use the integer overload of GetValues(i); you should only get back 7 strings then