From 195c4bec34cfa6079d3b08de05b1e5302a7c473a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0tampar?=
Date: Thu, 4 Jun 2026 21:28:54 +0200
Subject: [PATCH] Further improving Set-Cookie logic in redirections
---
 data/txt/sha256sums.txt | 4 ++--
 lib/core/settings.py | 2 +-
 lib/request/redirecthandler.py | 8 +++++++-
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 8fe6a42a5..4d169999d 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -63f72d10d0b148bae60d669a12df6577845e73087f82d000decb92f0fe4d4e93 lib/core/settings.py +39ab39f89872540387d9b6c2287ccdb5a67de484bd940f057786314cf9c2688c lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py
@@ -220,7 +220,7 @@ aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e lib/request/in ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4 lib/request/methodrequest.py 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568 lib/request/pkihandler.py b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e lib/request/rangehandler.py -f3783c485352ea9293de26309217b26ce26ace92749fc402f4f73850762055f8 lib/request/redirecthandler.py +673fbe28e3031a9be6f1d5b9ee8af4985dd9f69458ca1264e2eb3c3eec8d8c3d lib/request/redirecthandler.py 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb lib/request/templates.py 01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457 lib/takeover/abstraction.py d3c93562d78ebdaf9e22c0ea2e4a62adb12f0ce9e9d9631c1ea000b1a07d04ab lib/takeover/icmpsh.py
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 6368f538d..37c757333 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from lib.core.enums import OS
 from thirdparty import six
 # sqlmap version (...)
-VERSION = "1.10.6.29"
+VERSION = "1.10.6.30"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index 0deb03925..0c1e9d086 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -136,7 +136,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
 delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
 last = None
- for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE].split(';')[0]] if HTTP_HEADER.SET_COOKIE in headers else []):
+ for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter):
 if '=' in part:
 part = part.strip()
 key, value = part.split('=', 1)
@@ -145,6 +145,12 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
 elif last:
 cookies[last] += "%s%s" % (delimiter, part)
+ if HTTP_HEADER.SET_COOKIE in headers:
+ for match in re.finditer(r"(?:^|,\s*)([^=;,]+)=([^;,]+)", headers[HTTP_HEADER.SET_COOKIE]):
+ key = match.group(1).strip()
+ if key.lower() not in ("expires", "path", "domain", "max-age", "secure", "httponly", "samesite"):
+ cookies[key] = match.group(2).strip()
+
 req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies)
 try:
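Review bot: In the second hunk of lib/request/redirecthandler.py, `headers[HTTP_HEADER.SET_COOKIE]` yields one string, and if `headers` is the `http.client` message object that urllib hands to a redirect handler on Python 3, that string is only the first Set-Cookie line, so further cookies set by the redirect response are still dropped. The `,\s*` alternative in the pattern only helps when repeated headers arrive comma-joined. Iterating every header line covers both cases, e.g. `for line in (headers.get_all(HTTP_HEADER.SET_COOKIE) if hasattr(headers, "get_all") else headers.getheaders(HTTP_HEADER.SET_COOKIE)):` wrapped around the existing `re.finditer(...)` call. The value group `([^;,]+)` also skips a cookie the server is clearing (`name=; Max-Age=0`), which leaves the stale value in `cookies`; `([^;,]*)` plus `cookies.pop(key, None)` for an empty value would keep the merged header in step with the response. Domain, Path and Secure are discarded rather than checked, so the Cookie header is built the same way whatever the redirect target is; whether the target is restricted elsewhere cannot be seen here, as the enclosing method starts and ends outside the hunk.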