Unable to override cookie policy in Session.prepare_request

[bdusell]

I would like to be able to override the cookie policy used by a Session when making a request or when using a Session to prepare a request. However, overriding the cookie policy on the cookie jar of the Session or of the Request object has had no effect. This line of code explains why:

https://github.com/kennethreitz/requests/blob/master/requests/sessions.py#L377

The cookie jars of both the session and the request are merged into a newly constructed RequestsCookieJar, discarding the policies of both. I believe there should be a way to inject a non-default cookie policy at this point.

What I expected to be able to do, and what isn't working currently, is something like the following:

import requests
s = requests.Session()
s.cookies = requests.cookies.RequestsCookieJar(policy=MyCustomCookiePolicy())
s.get('http://httpbin.org/cookies/set?k2=v2&k1=v1') # Put some cookies in the jar
r = requests.Request('GET', 'http://httpbin.org/cookies')
pr = s.prepare_request(r) # Include certain cookies in the jar based on arbitrary rules
# Print the request data for debugging
s.send(pr)

[nateprewitt]

I think it would make sense to at least preserve the cookie policy in merge_cookies. This could be pretty quickly accomplished adding a line here with something like:

cookiejar.set_policy(cookies._policy)

[bdusell]

AFAIK there is no public API for getting the policy of a cookie jar (it's stored under _policy in cookielib.CookieJar).

https://docs.python.org/2.7/library/cookielib.html#cookiejar-and-filecookiejar-objects

[Lukasa]

Honestly, I'm not hugely convinced that this is an idea that's worthwhile pursuing in Requests. Generally speaking Requests aims to keep its API fairly simple, and we often don't add options when they have minimal utility (which this one does).

I could potentially be convinced to accept a patch to the RequestsCookieJar that exposes the policy publicly, allowing it to be persisted, but honestly it feels like it's pretty close to overkill.

[bdusell]

I believe the original motivation for copying the cookies to a new RequestsCookieJar was to avoid modifying the original cookie jar objects. This makes some sense, because if both the session and the request have jars, this would mean the cookies of one will be unexpectedly copied into the other. The authors chose to pick neither.

You could change prepare_request so that it always copies the request cookies into the session cookie jar, but that would be a behavioral change in requests. Perhaps a sensible alternative would be to add a public method to Session which constructs the blank cookie jar object, making it possible to override it?

def empty_cookie_jar(self):
    return RequestsCookieJar()

[Lukasa]

@bdusell I'm strongly averse to adding more methods to Session if they can possibly be avoided. I'd altogether be happier to have helpers on the RequestsCookieJar that merge_cookies uses.

[Lukasa]

Or possibly even allow merge_cookies to accept a None in the first parameter and respond to that by copying the cookiejar in the second parameter.

[bdusell]

Okay, so one possibility is:

1. Override RequestsCookieJar.__init__ and RequestsCookieJar.set_policy to save the policy.
2. Expose the policy through get_policy() or some such.

[Lukasa]

So that there is something I'm much more willing to consider.

[nateprewitt]

This should now be resolved with #4042.