diff options
| -rw-r--r-- | mitmproxy/flow/modules.py | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/mitmproxy/flow/modules.py b/mitmproxy/flow/modules.py index cba96fbc..46da5b64 100644 --- a/mitmproxy/flow/modules.py +++ b/mitmproxy/flow/modules.py @@ -1,8 +1,10 @@ from __future__ import absolute_import, print_function, division import collections +import email.utils import hashlib import re +import time from six.moves import http_cookiejar from six.moves import urllib @@ -320,10 +322,33 @@ class StickyCookieState: for name, (value, attrs) in f.response.cookies.items(multi=True): # FIXME: We now know that Cookie.py screws up some cookies with # valid RFC 822/1123 datetime specifications for expiry. Sigh. - a = self.ckey(attrs, f) - if self.domain_match(f.request.host, a[0]): - b = attrs.with_insert(0, name, value) - self.jar[a][name] = b + dom_port_path = self.ckey(attrs, f) + + if self.domain_match(f.request.host, dom_port_path[0]): + + # See if 'expires' time is in the past + expired = False + if 'expires' in attrs: + e = email.utils.parsedate_tz(attrs["expires"]) + if e: + exp_ts = email.utils.mktime_tz(e) + now_ts = time.time() + expired = exp_ts < now_ts + + # or if Max-Age is 0 + expired = expired or (int(attrs.get('Max-Age', 1)) == 0) + + if expired: + # Remove the cookie from jar + self.jar[dom_port_path].pop(name, None) + + # If all cookies of a dom_port_path have been removed + # then remove it from the jar itself + if not self.jar[dom_port_path]: + self.jar.pop(dom_port_path, None) + else: + b = attrs.with_insert(0, name, value) + self.jar[dom_port_path][name] = b def handle_request(self, f): l = [] |