How to Set Cookies in aiohttp Requests
In this tutorial, you’ll learn how to set cookies in aiohttp requests.
We’ll cover various aspects of cookie handling in aiohttp, from basic usage to advanced methods.
Create and Manage ClientSession Objects
To begin working with cookies in aiohttp, you need to create a ClientSession object.
This object manages connections and cookie state across requests.
Here’s how you can create a ClientSession and make a simple request:
import aiohttp import asyncio async def main(): async with aiohttp.ClientSession() as session: async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) asyncio.run(main())
Output:
{'cookies': {}}
This code creates a ClientSession and makes a GET request to httpbin.org/cookies.
The empty dictionary in the response indicates that no cookies were sent.
Set Cookies Manually
You can set cookies for a request by passing a dictionary to the ‘cookies’ parameter.
To set a cookie named ‘session_id’ with a value of ‘abc123’, use the following code:
async def main(): cookies = {'session_id': 'abc123'} async with aiohttp.ClientSession() as session: async with session.get('https://httpbin.org/cookies', cookies=cookies) as response: print(await response.json()) asyncio.run(main())
Output:
{'cookies': {'session_id': 'abc123'}}
The response shows that the ‘session_id’ cookie was successfully sent with the request.
The cookie_jar attribute of ClientSession allows you to manage cookies for the entire session.
To add a cookie to the session’s cookie jar, use this code:
async def main(): async with aiohttp.ClientSession() as session: session.cookie_jar.update_cookies({'user_id': 'user123'}) async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) asyncio.run(main())
Output:
{'cookies': {'user_id': 'user123'}}
The cookie added to the cookie_jar is sent with all subsequent requests in the session.
Handle Secure Cookies and HttpOnly flags
Secure cookies are only sent over HTTPS, and HttpOnly cookies are inaccessible to JavaScript.
Here’s how to set these flags:
from http.cookies import SimpleCookie async def main(): cookie = SimpleCookie() cookie['secure_cookie'] = 'secure_value' cookie['secure_cookie']['secure'] = True cookie['secure_cookie']['httponly'] = True async with aiohttp.ClientSession() as session: session.cookie_jar.update_cookies(cookie) async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) asyncio.run(main())
Output:
{'cookies': {'secure_cookie': 'secure_value'}}
The secure and HttpOnly flags are set, but not visible in the response.
This will help to protect against certain types of attacks, such as cross-site scripting (XSS).
Set Cookie Expiration
You can set expiration times for cookies to control how long they remain valid.
To set a cookie that expires in one hour, you can use max-age
property:
import time from http.cookies import SimpleCookie async def main(): cookie = SimpleCookie() cookie['expiring_cookie'] = 'will_expire' cookie['expiring_cookie']['max-age'] = 3600 # 1 hour async with aiohttp.ClientSession() as session: session.cookie_jar.update_cookies(cookie) async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) asyncio.run(main())
Output:
{'cookies': {'expiring_cookie': 'will_expire'}}
The cookie is set with a max-age of one hour. After this time, it will no longer be sent with requests.
You can modify or remove cookies during an active session.
To update a cookie, you can use update_cookies()
method and to delete cookies, you can use clear()
method of cookie_jar
:
async def main(): async with aiohttp.ClientSession() as session: session.cookie_jar.update_cookies({'update_me': 'initial'}) async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) session.cookie_jar.update_cookies({'update_me': 'updated'}) async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) session.cookie_jar.clear() async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) asyncio.run(main())
Output:
{'cookies': {'update_me': 'initial'}} {'cookies': {'update_me': 'updated'}} {'cookies': {}}
The cookie is first set, then updated, and finally cleared from the session.
Persist Cookies across Multiple Requests
To maintain the session state across multiple runs of your application, you can save cookies to a file.
Here’s how to save and load cookies from a file:
import aiohttp import asyncio import json import os async def main(): cookie_file = 'cookies.json' async with aiohttp.ClientSession() as session: if os.path.exists(cookie_file) and os.path.getsize(cookie_file) > 0: try: with open(cookie_file, 'r') as f: cookies = json.load(f) session.cookie_jar.update_cookies(cookies) except json.JSONDecodeError: print("Warning: cookies.json is not valid JSON. Starting with an empty cookie jar.") # Update session cookies session.cookie_jar.update_cookies({'persistent': 'value'}) async with session.get('https://httpbin.org/cookies') as response: print(await response.json()) cookies_dict = {key: morsel.value for key, morsel in session.cookie_jar.filter_cookies().items()} with open(cookie_file, 'w') as f: json.dump(cookies_dict, f) asyncio.run(main())
Output:
{'cookies': {'persistent': 'value'}}
This code loads cookies from a file if it exists, updates the session with a new cookie, and then saves the cookies back to the file.
Handle cross-origin Cookies and CORS
When dealing with cross-origin requests, you need to be aware of CORS (Cross-Origin Resource Sharing) policies.
Here’s an example of setting a cookie for a cross-origin request:
async def main(): async with aiohttp.ClientSession() as session: headers = {'Origin': 'https://example.com'} async with session.get('https://httpbin.org/cookies/set?cross_origin=true', headers=headers) as response: print(response.headers.get('Access-Control-Allow-Credentials')) print(await response.json()) asyncio.run(main())
Output:
true {'cookies': {'cross_origin': 'true'}}
true
: This is the value of the Access-Control-Allow-Credentials
header indicates that the server allows credentials (such as cookies) to be included in requests to this resource.
{'cookies': {'cross_origin': 'true'}}
: This JSON object shows that the server set a cookie named cross_origin
with the value true
.
Mokhtar is the founder of LikeGeeks.com. He is a seasoned technologist and accomplished author, with expertise in Linux system administration and Python development. Since 2010, Mokhtar has built an impressive career, transitioning from system administration to Python development in 2015. His work spans large corporations to freelance clients around the globe. Alongside his technical work, Mokhtar has authored some insightful books in his field. Known for his innovative solutions, meticulous attention to detail, and high-quality work, Mokhtar continually seeks new challenges within the dynamic field of technology.