diff options
| author | Shadab Zafar <dufferzafar0@gmail.com> | 2016-07-07 23:25:39 +0530 |
|---|---|---|
| committer | Shadab Zafar <dufferzafar0@gmail.com> | 2016-07-09 22:20:25 +0530 |
| commit | 608435cabf03e759118f2314490dcee5539f6f66 (patch) | |
| tree | e825831b8274c1d1d00afe66758a860374f0e624 | |
| parent | 695c7368e6e4474268df0319b78b9536bae9fe39 (diff) | |
| download | mitmproxy-608435cabf03e759118f2314490dcee5539f6f66.tar.gz mitmproxy-608435cabf03e759118f2314490dcee5539f6f66.tar.bz2 mitmproxy-608435cabf03e759118f2314490dcee5539f6f66.zip | |
Delete stickycookies when told by the server
Fixes #1096
| -rw-r--r-- | mitmproxy/flow/modules.py | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/mitmproxy/flow/modules.py b/mitmproxy/flow/modules.py index cba96fbc..46da5b64 100644 --- a/mitmproxy/flow/modules.py +++ b/mitmproxy/flow/modules.py @@ -1,8 +1,10 @@ from __future__ import absolute_import, print_function, division import collections +import email.utils import hashlib import re +import time from six.moves import http_cookiejar from six.moves import urllib @@ -320,10 +322,33 @@ class StickyCookieState: for name, (value, attrs) in f.response.cookies.items(multi=True): # FIXME: We now know that Cookie.py screws up some cookies with # valid RFC 822/1123 datetime specifications for expiry. Sigh. - a = self.ckey(attrs, f) - if self.domain_match(f.request.host, a[0]): - b = attrs.with_insert(0, name, value) - self.jar[a][name] = b + dom_port_path = self.ckey(attrs, f) + + if self.domain_match(f.request.host, dom_port_path[0]): + + # See if 'expires' time is in the past + expired = False + if 'expires' in attrs: + e = email.utils.parsedate_tz(attrs["expires"]) + if e: + exp_ts = email.utils.mktime_tz(e) + now_ts = time.time() + expired = exp_ts < now_ts + + # or if Max-Age is 0 + expired = expired or (int(attrs.get('Max-Age', 1)) == 0) + + if expired: + # Remove the cookie from jar + self.jar[dom_port_path].pop(name, None) + + # If all cookies of a dom_port_path have been removed + # then remove it from the jar itself + if not self.jar[dom_port_path]: + self.jar.pop(dom_port_path, None) + else: + b = attrs.with_insert(0, name, value) + self.jar[dom_port_path][name] = b def handle_request(self, f): l = [] |