Skip to content

Unable to override cookie policy in Session.prepare_request #7122

New issue
New issue
Open
Open
Unable to override cookie policy in Session.prepare_request#7122
@meredydd

Description

@meredydd
meredydd
opened on Dec 16, 2025

If you set a CookiePolicy on the cookie jar of a Session object, it is ignored. This has previously been reported (#3416) and fixed (#4042) ...except that the fix was merged into a proposed/3.0.0 branch that has been abandoned since 2018.

This issue continues to walk the earth, tripping up unwary devs. Today it was my turn (I'm writing tests for an app that uses secure session cookies on localhost: this is fine in browsers, but not allowed by http.cookiejar.DefaultCookiePolicy. I attempted to override that policy, and...here we are.)

The route to a fix seems pretty straightforward - I started sketching something up, and realised that the patch from #4042 is ~directly applicable to the present codebase. It's already been approved, so I'm hoping this is an easy win!

Expected Result

When calling session.cookie.set_policy(policy), that policy is honoured.

Actual Result

The policy is discarded and a DefaultCookiePolicy is used.

Reproduction Steps

Slightly adapting the code from #3416:

import requests
import http.cookiejar

class MyCustomCookiePolicy(http.cookiejar.DefaultCookiePolicy):
    def return_ok_secure(self, cookie, request):
        print("Custom cookie policy got to examine this request")
        # Allow secure cookies on localhost
        if request.host in ('localhost', '127.0.0.1', 'localhost.local'):
            return True
        return super().return_ok_secure(cookie, request)


s = requests.Session()
s.cookies = requests.cookies.RequestsCookieJar(policy=MyCustomCookiePolicy())
s.get('https://google.com') # Put some cookies in the jar
assert len(s.cookies) > 0 # Verify that they arrived
r = requests.Request('GET', 'https://google.com')
pr = s.prepare_request(r)
# Observe that the `print()` statement above failed to fire: The cookie policy was not consulted!

System Information

$ python -m requests.help

{
  "chardet": {
    "version": null
  },
  "charset_normalizer": {
    "version": "3.4.2"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "3.10"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.10.12"
  },
  "platform": {
    "release": "6.8.0-87-generic",
    "system": "Linux"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.32.4"
  },
  "system_ssl": {
    "version": "300000d0"
  },
  "urllib3": {
    "version": "2.5.0"
  },
  "using_charset_normalizer": true,
  "using_pyopenssl": false
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions