Cookies are not passed to the redirect calls

[pylesage]

In case you get a redirect , the cookie recieved from the first result should be passed the following ones.
By now they are getting lost.

The usecase I encountered:

• POST to a login api , the api response provides a cookie
• following the redirect issues a second call (get or post based on config) but the recieved cookie is not passed to this second call.
• the redirect call recieves a new cookie which is not valid anymore

A possible workaround is to read the cookies from the first call issued and passing it to the next ones manually.

I suspect we should copy the cookies recieved from the response to the next request here:

sttp/core/src/main/scala/sttp/client3/FollowRedirectsBackend.scala

Line 73 in 7e76fb5

.apply(request.copy[Identity, T, R](uri = uri))

[adamw]

Automatically propagating cookies can be a security issue, hence it's not enable by default. You can change that behavior by changing the sensitiveHeaders parameters of FollowRedirectsBackend, and removing Cookie (and possibly SetCookie) from the set. So sth along the lines should work:

val backend = new FollowRedirectsBackend(myBackend, sensitiveHeaders = HeaderNames.SensitiveHeaders - HeaderNames.Cookie)

[karl-chan]

@adamw What OP described is a different problem, the Set-Cookie: headers from the response of the Nth redirect need to be saved and added to the Cookie: header of the request for the N+1th redirect onwards (obviously only if the domain matches for security reasons), but the FollowRedirectsBackend does not have built-in logic to handle this scenario.

[adamw]

@karl-chan Ah yes, this makes sense - can you open a new issue? This could take the form of more general header rewriting on redirect, with a default rule of Set-Cookie -> Cookie (if same domain) built-in, but maybe there are more cases like this