kdcllc/CometD.NetCore

403::Unknown Client error due to missing cookie

wadewnz opened this issue · 1 comments

When using this library to connect to some instances of Salesforce (not all instances of Salesforce have this problem), it would successfully do the handshake but then fail on the connect request and subscribe request with the error 403::Unknown client.

The reason is due to Salesforce returning a cookie on the response to the /cometd/42.0/handshake request without a path attribute.
E.g. HTTP header

set-cookie: sfproxy-id="9c13437298e48434"; Max-Age=3600; HttpOnly

If these libraries are compiled on .NET Core 3.1 or below, then the .NET libraries do not correctly follow RFC 6265 for cookie path resolution (they use the older RFC 2109 spec), and so the cookie's default path gets set to /cometd/42.0/handshake and therefore this cookie is not sent in /cometd/42.0/connect and /cometd/42.0/subscribe requests. In .NET 5.0 and above, RFC 6265 is correctly followed, setting the path to /cometd/42.0, and so this cookie is sent.

In my case I am not able to use .NET 5.0 or above as I am using other libraries that are not compatible with .NET 5.0.

I am currently working around this issue by using reflection to access the private field _cookieCollection in the BayeuxClient class after the handshaking CONNECTING state, then modifying all cookies that have a path of /cometd/{version}/handshake to /cometd/, and this solves the problem. However, this is very much a hack, and it would be good if this could be implemented within the libraries or have an option to do this.

Some additional information about the default path for cookies in the .NET libraries
dotnet/runtime#21440
https://docs.microsoft.com/en-us/dotnet/core/compatibility/networking/5.0/cookie-path-conforms-to-rfc6265
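
The path mismatch described in this issue, as an added C# example that is not code from the issue or from CometD.NetCore: it implements the RFC 6265 section 5.1.4 default-path and path-match rules and shows a cookie being rescoped from the legacy default to the RFC 6265 one. `CookiePathFix` and its member names are hypothetical, and `example.invalid` is a constructed stand-in for the Salesforce host.

```csharp
using System;
using System.Net;

// Added example: CookiePathFix and its members are hypothetical names.
public static class CookiePathFix
{
    // RFC 6265 section 5.1.4 default-path: the request path up to, but not
    // including, its right-most "/"; "/" when that leaves nothing.
    public static string DefaultPath(Uri requestUri)
    {
        string path = requestUri.AbsolutePath;
        if (path.Length == 0 || path[0] != '/') return "/";
        int lastSlash = path.LastIndexOf('/');
        return lastSlash == 0 ? "/" : path.Substring(0, lastSlash);
    }

    // RFC 6265 section 5.1.4 path-match between a cookie path and a request path.
    public static bool PathMatches(string cookiePath, string requestPath)
    {
        if (requestPath == cookiePath) return true;
        if (!requestPath.StartsWith(cookiePath, StringComparison.Ordinal)) return false;
        return cookiePath.EndsWith("/", StringComparison.Ordinal)
            || requestPath[cookiePath.Length] == '/';
    }

    // If the cookie carries the legacy default (the full request path), return a
    // copy scoped to the RFC 6265 default-path; otherwise return it unchanged.
    public static Cookie Normalize(Cookie cookie, Uri requestUri)
    {
        if (cookie.Path != requestUri.AbsolutePath) return cookie;
        return new Cookie(cookie.Name, cookie.Value, DefaultPath(requestUri), cookie.Domain)
        {
            HttpOnly = cookie.HttpOnly, Secure = cookie.Secure, Expires = cookie.Expires
        };
    }

    public static void Main()
    {
        // Constructed sample: the cookie from the issue with the legacy default path.
        var handshake = new Uri("https://example.invalid/cometd/42.0/handshake");
        var legacy = new Cookie("sfproxy-id", "\"9c13437298e48434\"", handshake.AbsolutePath) { HttpOnly = true };
        Cookie rescoped = Normalize(legacy, handshake);
        foreach (string path in new[] { "/cometd/42.0/connect", "/cometd/42.0/subscribe" })
            Console.WriteLine($"{path}: legacy={PathMatches(legacy.Path, path)} rfc6265={PathMatches(rescoped.Path, path)}");
    }
}
```

`Normalize` cannot tell an implicit path from a server-supplied `Path` attribute that happens to equal the request path, so it would widen that cookie's scope too. It rescopes only as far as the RFC 6265 default-path (`/cometd/42.0` here), never to a broader prefix.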