1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
From: "J. Nick Koston" <nick@koston.org>
Date: Tue, 10 Jun 2025 00:46:42 -0500
Subject: make test more robust
Origin: backport, https://github.com/aio-libs/aiohttp-session/pull/1099
Bug-Debian: https://bugs.debian.org/1117423
Last-Update: 2025-10-13
---
tests/test_cookie_storage.py | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/tests/test_cookie_storage.py b/tests/test_cookie_storage.py
index 8296663..ac162c9 100644
--- a/tests/test_cookie_storage.py
+++ b/tests/test_cookie_storage.py
@@ -1,5 +1,6 @@
import json
import time
+from http.cookies import SimpleCookie
from typing import Any, Dict, MutableMapping, cast
from aiohttp import web
@@ -97,10 +98,22 @@ async def test_clear_cookie_on_session_invalidation(
make_cookie(client, {"a": 1, "b": 2})
resp = await client.get("/")
assert resp.status == 200
- assert (
- 'Set-Cookie: AIOHTTP_SESSION="{}"; '
- "domain=127.0.0.1; httponly; Path=/".upper()
- ) == resp.cookies["AIOHTTP_SESSION"].output().upper()
+
+ # Check the actual Set-Cookie header instead of resp.cookies
+ # which used to leak the cookie jar details back into the resp.cookies
+ set_cookie_header = resp.headers.get("Set-Cookie")
+ assert set_cookie_header is not None
+
+ # Parse the header
+ cookie = SimpleCookie()
+ cookie.load(set_cookie_header)
+ assert "AIOHTTP_SESSION" in cookie
+
+ # Verify the cookie was cleared (empty value)
+ morsel = cookie["AIOHTTP_SESSION"]
+ assert morsel.value == "{}"
+ assert morsel["path"] == "/"
+ assert morsel["httponly"] is True
async def test_dont_save_not_requested_session(aiohttp_client: AiohttpClient) -> None:
|
