Double quote Cookie is incorrect

[lisongkun]

I encountered an issue with cookies being enclosed in double quotes when implementing third-party website login using the Flurl dependency. However, Flurl automatically removes the double quotes, whereas Python Requests retains them. This discrepancy between the two parts in subsequent requests might be one of the reasons for my login failure, but I’m not sure. I need to eliminate each potential problem one by one. I tried the following code, but it had no effect, and the cookie even disappeared from the request headers.

var cookie = session.Cookies.First(i => i.Name == "Y1vJ4IdorMglXdNk");
session.Cookies.Remove(i => i.Name == "Y1vJ4IdorMglXdNk");
session.Cookies.AddOrReplace(new FlurlCookie(cookie.Name, $"\"{cookie.Value}\"", cookie.OriginUrl));

I’m not sure if this is a bug in Flurl. Please provide me with a method to automatically handle wrapping cookies in double quotes, or tell me how to manually handle it.

[tmenier]

As I understand it, quotes around cookie values are optional and when a server sends a Set-Cookie response header with a quoted value, that does not obligate the client to quote the value when sending it back in the Cookie request header. If the server is not processing the unquoted value correctly, then I think that's where the bug is. Flurl's cookie session functionality isn't going to allow you to work around this very easily, unfortunately. You likely have to resort to using WithCookie or WithHeader to write the cookies explicitly each time.

[lisongkun]

Thank you for your suggestion. I have finally resolved this issue. It appears that Flurl internally performed some unexpected manipulations on the cookies of my request, which had me stuck for several days. Although I still haven’t figured out the exact cause, switching to the following code did achieve the desired effect. Do you think it’s worth further investigating? I’m willing to provide more information and a demo. I believe Flurl is a great library, and I hope it can become as robust as Python Requests!

var request = await session.Request("target")
    .WithHeaders(DefaultHeaders)
    .PostJsonAsync(requestBody);
var response = await request.GetJsonAsync<LoginResponseVo.Root>();

var cookie = session.Cookies.First(i => i.Name == "Y1vJ4IdorMglXdNk");
var removeHeader = new List<string>() { "SSOExpireTime", "jwt" };
session.Cookies.Remove(i => !removeHeader.Contains(i.Name) );
session.Cookies.AddOrReplace(new FlurlCookie(cookie.Name, $"\"{cookie.Value}\"", cookie.OriginUrl));
DefaultHeaders["Cookie"] = FlurlUtil.ConvertCookieJarToString(session.Cookies);

var ticketLoginResponse = await session.Request("target")
    .WithHeaders(DefaultHeaders)
    .BeforeCall(call =>
    {
        call.Request.WithHeader("Cookie", FlurlUtil.ConvertCookieJarToString(call.Request.CookieJar));
    })
    .WithSettings(action =>
    {
        action.Redirects.ForwardAuthorizationHeader = true;
        action.Redirects.Enabled = true;
        action.Redirects.ForwardHeaders = true;
    })
    .SetQueryParams(new
    {
        school_id = string.Empty,
        ticket = response.rs.serviceTicket
    }).GetStringAsync();
    ```