Why is Twitter sending cookies with API responses?


#1

In my logs I started getting this warning:

2018-01-12 02:32:50,162  WARN o.a.h.c.p.ResponseProcessCookies:130 - Invalid cookie header: "set-cookie: guest_id=v1%3A151572431977858379; Expires=Sun, 12 Jan 2020 02:31:59 UTC; Path=/; Domain=.twitter.com". Invalid 'expires' attribute: Sun, 12 Jan 2020 02:31:59 UTC

Not sure what is exactly wrong with the format, but regardless of whether it is my client library or twitter, what is the reason to set these tracking cookies in API responses in the first place? I think they should not be there.

Here’s a full raw response for an API request:

HTTP/1.1 200 OK

x-frame-options:
    SAMEORIGIN
x-rate-limit-remaining:
    899
last-modified:
    Fri, 12 Jan 2018 17:45:03 GMT
status:
    200 OK
Content-Length:
    4909
x-response-time:
    80
Connection:
    keep-alive
x-transaction:
    006b7440009b5297
Server:
    tsa_b
pragma:
    no-cache
cache-control:
    no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash:
    24fd4a4b3d61e33b6b94080b710a1e61
x-xss-protection:
    1; mode=block; report=https://twitter.com/i/xss_report
x-content-type-options:
    nosniff
x-rate-limit-limit:
    900
expires:
    Tue, 31 Mar 1981 05:00:00 GMT
Date:
    Fri, 12 Jan 2018 17:45:03 GMT
set-cookie:
    personalization_id="v1_/3EYpbQnCe+vnjhnBUew=="; Expires=Sun, 12 Jan 2020 17:45:03 UTC; Path=/; Domain=.twitter.com
set-cookie:
    lang=en; Path=/
set-cookie:
    guest_id=v1%3A1515770330954116; Expires=Sun, 12 Jan 2020 17:45:03 UTC; Path=/; Domain=.twitter.com
x-rate-limit-reset:
    1515780003
content-disposition:
    attachment; filename=json.json
x-twitter-response-tags:
    BouncerCompliant
strict-transport-security:
    max-age=631138519
x-access-level:
    read-write-directmessages
Content-Type:
    application/json;charset=utf-8