From: "J. Nick Koston" <nick@koston.org>
Date: Tue, 10 Jun 2025 00:46:42 -0500
Subject: make test more robust

Origin: backport, https://github.com/aio-libs/aiohttp-session/pull/1099
Bug-Debian: https://bugs.debian.org/1117423
Last-Update: 2025-10-13
---
 tests/test_cookie_storage.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/tests/test_cookie_storage.py b/tests/test_cookie_storage.py
index 8296663..ac162c9 100644
--- a/tests/test_cookie_storage.py
+++ b/tests/test_cookie_storage.py
@@ -1,5 +1,6 @@
 import json
 import time
+from http.cookies import SimpleCookie
 from typing import Any, Dict, MutableMapping, cast
 
 from aiohttp import web
@@ -97,10 +98,22 @@ async def test_clear_cookie_on_session_invalidation(
     make_cookie(client, {"a": 1, "b": 2})
     resp = await client.get("/")
     assert resp.status == 200
-    assert (
-        'Set-Cookie: AIOHTTP_SESSION="{}"; '
-        "domain=127.0.0.1; httponly; Path=/".upper()
-    ) == resp.cookies["AIOHTTP_SESSION"].output().upper()
+
+    # Check the actual Set-Cookie header instead of resp.cookies
+    # which used to leak the cookie jar details back into the resp.cookies
+    set_cookie_header = resp.headers.get("Set-Cookie")
+    assert set_cookie_header is not None
+
+    # Parse the header
+    cookie = SimpleCookie()
+    cookie.load(set_cookie_header)
+    assert "AIOHTTP_SESSION" in cookie
+
+    # Verify the cookie was cleared (empty value)
+    morsel = cookie["AIOHTTP_SESSION"]
+    assert morsel.value == "{}"
+    assert morsel["path"] == "/"
+    assert morsel["httponly"] is True
 
 
 async def test_dont_save_not_requested_session(aiohttp_client: AiohttpClient) -> None: