id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 36399 Missing cookies when using ASGI and HTTP/2 Ingmar Stein JaeHyuckSa "I originally created the report here: https://forum.djangoproject.com/t/missing-cookies-when-using-asgi-and-http-2/40946 https://github.com/paperless-ngx/paperless-ngx/issues/9935 describes the issue in more detail. In a nutshell: when serving a Django app using ASGI and HTTP/2, cookies may get dropped. In case this hits the `csrftoken` cookie, it might explain the various ""CSRF verification failed"" topics in this forum category. I had a brief look at the coke and it looks like the [[https://github.com/django/django/blob/main/django/core/handlers/asgi.py#L97-L98|ASGI module]] joins multiple values for the same header using commas but [[https://github.com/django/django/blob/main/django/http/cookie.py#L12|`parse_cookie`]] splits by semicolon. Same same issue has also hit other ASGI frameworks: https://github.com/encode/starlette/discussions/2916 @carltongibson created this minimal repro: {{{#!python from django.conf import settings from django.core.handlers.asgi import ASGIRequest settings.configure(DEBUG=True) scope = { ""type"": ""http"", ""asgi"": { ""version"": ""3.0"", ""spec_version"": ""2.3"", }, ""http_version"": ""2.0"", ""method"": ""GET"", ""scheme"": ""http"", ""path"": ""/"", ""raw_path"": b""/"", ""query_string"": b"""", ""root_path"": """", ""headers"": [ (b""cookie"", b""a=abc;""), (b""cookie"", b""b=def;""), (b""cookie"", b""c=ghi;"") ], ""client"": (""127.0.0.1"", 10000), ""server"": (""127.0.0.1"", 8000), ""extensions"": {} } request = ASGIRequest(scope, None) print(request.COOKIES) # Prints: {'a': 'abc', ',b': 'def', ',c': 'ghi'} assert request.COOKIES == {'a': 'abc', 'b': 'def', 'c': 'ghi'} }}}" New feature closed HTTP handling 5.2 Normal fixed Carlton Gibson Ahmed Ibrahim Ready for checkin 1 0 0 0 1 0