
Why would Twitter send cookies with its API response?

Bozho Published in 2018-01-13 09:39:27Z

The other day I got a strange warning in my client after sending requests to Twitter:

2018-01-12 02:32:50,162 WARN o.a.h.c.p.ResponseProcessCookies:130 - Invalid cookie header: "set-cookie: guest_id=v1%3A151572431977858379; Expires=Sun, 12 Jan 2020 02:31:59 UTC; Path=/; Domain=.twitter.com". Invalid 'expires' attribute: Sun, 12 Jan 2020 02:31:59 UTC

The format is correct, so in the end it's an HTTP client misconfiguration, but that leaves me with the question: why would a RESTful API send cookies?

These appear to be the tracking cookies of Twitter, so what use are they in a RESTful context? Does Twitter want to set the cookie if invoked through XMLHttpRequest (rather than server-side), or is it a generic "set cookie" filter that they've mistakenly applied to API endpoints as well?

Below is an excerpt from the raw response:

Server:
    tsa_b
pragma:
    no-cache
cache-control:
    no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash:
    24fd4a4b3d61e33b6b94080b710a1e61
x-xss-protection:
    1; mode=block; report=https://twitter.com/i/xss_report
x-content-type-options:
    nosniff
x-rate-limit-limit:
    900
expires:
    Tue, 31 Mar 1981 05:00:00 GMT
Date:
    Fri, 12 Jan 2018 17:45:03 GMT
set-cookie:
    personalization_id="v1_/3EYpbQnCe+vnjhnBUew=="; Expires=Sun, 12 Jan 2020 17:45:03 UTC; Path=/; Domain=.twitter.com
set-cookie:
    lang=en; Path=/
set-cookie:
    guest_id=v1%3A1515770330954116; Expires=Sun, 12 Jan 2020 17:45:03 UTC; Path=/; Domain=.twitter.com
x-rate-limit-reset:
    1515780003
content-disposition:
    attachment; filename=json.json
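
One way to see what these cookies amount to for an API client, as an added example that is not part of the original post: this Python sketch parses the Set-Cookie values from the excerpt above and reports each cookie's lifetime, scope and flags. The function names (parse_http_date, parse_set_cookie, audit) are made up for this illustration.

```python
from datetime import datetime, timezone

# Header values copied from the response excerpt in the post above.
DATE_HEADER = "Fri, 12 Jan 2018 17:45:03 GMT"
SET_COOKIE_HEADERS = [
    'personalization_id="v1_/3EYpbQnCe+vnjhnBUew=="; Expires=Sun, 12 Jan 2020 17:45:03 UTC; Path=/; Domain=.twitter.com',
    "lang=en; Path=/",
    "guest_id=v1%3A1515770330954116; Expires=Sun, 12 Jan 2020 17:45:03 UTC; Path=/; Domain=.twitter.com",
]

def parse_http_date(text):
    """Parse an RFC 1123 style date whose zone is written as GMT or UTC."""
    body, zone = text.rsplit(" ", 1)
    if zone not in ("GMT", "UTC"):
        raise ValueError("unexpected zone: " + zone)
    return datetime.strptime(body, "%a, %d %b %Y %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_set_cookie(value):
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")  # only the first '=' is a separator
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, cookie_value, attrs

def audit(set_cookie_headers, date_header):
    """Summarise lifetime, scope and flags for every cookie in one response."""
    now = parse_http_date(date_header)
    report = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        expires = attrs.get("expires")
        days = (parse_http_date(expires) - now).days if expires else None
        report.append({
            "name": name,
            "persistent_days": days,        # None means a session cookie
            "domain": attrs.get("domain"),  # None means host-only scope
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
        })
    return report

if __name__ == "__main__":
    for row in audit(SET_COOKIE_HEADERS, DATE_HEADER):
        print(row)
```

A server-side client that never needs these identifiers can use a report like this to decide whether to store cookies at all.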