How to Set Cookies in aiohttp Requests

Mokhtar Ebrahim Last Updated On:

In this tutorial, you’ll learn how to set cookies in aiohttp requests.

We’ll cover various aspects of cookie handling in aiohttp, from basic usage to advanced methods.

 

Table of Contents hide

 

Create and Manage ClientSession Objects

To begin working with cookies in aiohttp, you need to create a ClientSession object.

This object manages connections and cookie state across requests.

Here’s how you can create a ClientSession and make a simple request:

import aiohttp
import asyncio
async def main():
    async with aiohttp.ClientSession() as session:
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())
asyncio.run(main())

Output:

{'cookies': {}}

This code creates a ClientSession and makes a GET request to httpbin.org/cookies.

The empty dictionary in the response indicates that no cookies were sent.

 

Set Cookies Manually

You can set cookies for a request by passing a dictionary to the ‘cookies’ parameter.

To set a cookie named ‘session_id’ with a value of ‘abc123’, use the following code:

async def main():
    cookies = {'session_id': 'abc123'}
    async with aiohttp.ClientSession() as session:
        async with session.get('https://httpbin.org/cookies', cookies=cookies) as response:
            print(await response.json())
asyncio.run(main())

Output:

{'cookies': {'session_id': 'abc123'}}

The response shows that the ‘session_id’ cookie was successfully sent with the request.

 

Using ClientSession.cookie_jar

The cookie_jar attribute of ClientSession allows you to manage cookies for the entire session.

To add a cookie to the session’s cookie jar, use this code:

async def main():
    async with aiohttp.ClientSession() as session:
        session.cookie_jar.update_cookies({'user_id': 'user123'})
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())
asyncio.run(main())

Output:

{'cookies': {'user_id': 'user123'}}

The cookie added to the cookie_jar is sent with all subsequent requests in the session.

 

Handle Secure Cookies and HttpOnly flags

Secure cookies are only sent over HTTPS, and HttpOnly cookies are inaccessible to JavaScript.

Here’s how to set these flags:

from http.cookies import SimpleCookie
async def main():
    cookie = SimpleCookie()
    cookie['secure_cookie'] = 'secure_value'
    cookie['secure_cookie']['secure'] = True
    cookie['secure_cookie']['httponly'] = True

    async with aiohttp.ClientSession() as session:
        session.cookie_jar.update_cookies(cookie)
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())
asyncio.run(main())

Output:

{'cookies': {'secure_cookie': 'secure_value'}}

The secure and HttpOnly flags are set, but not visible in the response.

This will help to protect against certain types of attacks, such as cross-site scripting (XSS).

 

Set Cookie Expiration

You can set expiration times for cookies to control how long they remain valid.

To set a cookie that expires in one hour, you can use max-age property:

import time
from http.cookies import SimpleCookie
async def main():
    cookie = SimpleCookie()
    cookie['expiring_cookie'] = 'will_expire'
    cookie['expiring_cookie']['max-age'] = 3600  # 1 hour
    async with aiohttp.ClientSession() as session:
        session.cookie_jar.update_cookies(cookie)
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())
asyncio.run(main())

Output:

{'cookies': {'expiring_cookie': 'will_expire'}}

The cookie is set with a max-age of one hour. After this time, it will no longer be sent with requests.

 

Update and Delete cookies in Ongoing Sessions

You can modify or remove cookies during an active session.

To update a cookie, you can use update_cookies() method and to delete cookies, you can use clear() method of cookie_jar:

async def main():
    async with aiohttp.ClientSession() as session:
        session.cookie_jar.update_cookies({'update_me': 'initial'})
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())

        session.cookie_jar.update_cookies({'update_me': 'updated'})
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())

        session.cookie_jar.clear()
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())
asyncio.run(main())

Output:

{'cookies': {'update_me': 'initial'}}
{'cookies': {'update_me': 'updated'}}
{'cookies': {}}

The cookie is first set, then updated, and finally cleared from the session.

 

Persist Cookies across Multiple Requests

To maintain the session state across multiple runs of your application, you can save cookies to a file.

Here’s how to save and load cookies from a file:

import aiohttp
import asyncio
import json
import os
async def main():
    cookie_file = 'cookies.json'
    async with aiohttp.ClientSession() as session:
        if os.path.exists(cookie_file) and os.path.getsize(cookie_file) > 0:
            try:
                with open(cookie_file, 'r') as f:
                    cookies = json.load(f)
                    session.cookie_jar.update_cookies(cookies)
            except json.JSONDecodeError:
                print("Warning: cookies.json is not valid JSON. Starting with an empty cookie jar.")

        # Update session cookies
        session.cookie_jar.update_cookies({'persistent': 'value'})
        async with session.get('https://httpbin.org/cookies') as response:
            print(await response.json())

        cookies_dict = {key: morsel.value for key, morsel in session.cookie_jar.filter_cookies().items()}
        with open(cookie_file, 'w') as f:
            json.dump(cookies_dict, f)
asyncio.run(main())

Output:

{'cookies': {'persistent': 'value'}}

This code loads cookies from a file if it exists, updates the session with a new cookie, and then saves the cookies back to the file.

 

Handle cross-origin Cookies and CORS

When dealing with cross-origin requests, you need to be aware of CORS (Cross-Origin Resource Sharing) policies.

Here’s an example of setting a cookie for a cross-origin request:

async def main():
    async with aiohttp.ClientSession() as session:
        headers = {'Origin': 'https://example.com'}
        async with session.get('https://httpbin.org/cookies/set?cross_origin=true', headers=headers) as response:
            print(response.headers.get('Access-Control-Allow-Credentials'))
            print(await response.json())
asyncio.run(main())

Output:

true
{'cookies': {'cross_origin': 'true'}}

true: This is the value of the Access-Control-Allow-Credentials header indicates that the server allows credentials (such as cookies) to be included in requests to this resource.

{'cookies': {'cross_origin': 'true'}}: This JSON object shows that the server set a cookie named cross_origin with the value true.

Related posts

  1. How to Retry Requests in AIOHTTP Using tenacity
  2. FastAPI vs. AIOHTTP: Comparison for Python Developers
  3. Mocking in aiohttp: Client and Server Simulations
  4. Digest Authentication in aiohttp (Server & Client) Side
  5. Enable Gzip Compression in aiohttp Server
  6. Custom Header Manipulation in aiohttp
  7. aiohttp Exception Handling: Comprehensive Tutorial
  8. aiohttp vs. tornado: Performance Benchmarks and Comparisons
  9. How to Serve Images Using aiohttp
  10. How to Create Periodic Tasks in aiohttp
  11. aiohttp Middleware: From Basics to Custom Implementation
  12. How to Use aiohttp FileResponse to Serve Files in Python
  13. Using Chunked Transfer Encoding with aiohttp
  14. How to Optimize Load Performance in aiohttp
  15. Create Simple Web Crawler Using aiohttp in Python
Leave a Reply

Your email address will not be published. Required fields are marked *