Cookie

[vw98075]

Describe bug

To my understanding of the Python code, once a fetched cookie is over 24 hours, the cookie is marked as invalid in the code. It will refresh the cookie when it is older than 24 hours.

Here is a header I get from the fc.yahoo.com end point:

Date: Thu, 10 Oct 2024 18:23:25 GMT
Connection: keep-alive
Server: ATS
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Set-Cookie: ...; Expires=Sat, 11 Oct 2025 00:23:25 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
Content-Length: 4744

The above header contains an expiration date. I wonder why the expiration date isn't used to determine whether refreshing the cookie is needed. Do I miss something?

Simple code that reproduces your problem

Periodically refresh, 24 hours seems fair.

    if cookie_dict['age'] > datetime.timedelta(days=1):
        return False

Debug log

NA

Bad data proof

No response

yfinance version

0.2.44

Python version

No response

Operating system

No response

[ValueRaider]

I was lazy and rushing it, that's all. #1084

[vw98075]

Thanks for the info. It is understandable when you have too many things to work on a project. I have little knowledge of Python. Otherwise, I would submit a pull request for a related change.

[ValueRaider]

If you use yfinance regularly, you probably have enough Python knowledge.

[vw98075]

I haven't run it yet while studying the code. I see the following code for CSRF
csrfTokenInput = soup.find('input', attrs={'name': 'csrfToken'}) csrfToken = csrfTokenInput['value']
sessionIdInput = soup.find('input', attrs={'name': 'sessionId'}) sessionId = sessionIdInput['value']
I, however, can't see either csrfToken or sessionId in a response of https://guce.yahoo.com/consent. Are they dynamicaly Generated?

[ValueRaider]

_get_cookie_csrf was never 100% - when it was first written it seemed to only work in Europe. Now seems to not work at all, maybe Yahoo changed.