[ python-Bugs-1028088 ] Cookies without values are silently ignored (by design?)
SourceForge.net
noreply at sourceforge.net
Wed Jun 29 23:09:06 CEST 2005
Bugs item #1028088, was opened at 2004-09-14 13:05
Message generated for change (Settings changed) made by rhettinger
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1028088&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Doug Sheppard (sirilyan)
>Assigned to: A.M. Kuchling (akuchling)
Summary: Cookies without values are silently ignored (by design?)
Initial Comment:
Cookie._CookiePattern is the regular expression used to
retrieve cookies from the HTTP_COOKIE environment
variable. This pattern assumes that all cookies are in
"name=value" format. A cookie that doesn't have an
"=value" component is silently skipped over. (It's
easy to generate a cookie like that - in JavaScript,
document.cookie="broken" is all it takes.)
>>> import Cookie
>>> q = Cookie.SimpleCookie("pie=good; broken;
other=thing")
>>> q
<SimpleCookie: other='thing' pie='good'>
If ignoring cookies without a "=value" component is
intended behaviour, it'd be nice to have a code comment
warning that's what happens. If it's a bug, the cookie
should be set with an empty value.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2005-06-29 15:02
Message:
Logged In: YES
user_id=261020
Though I had previously assumed stability is more important
than the precise details of what module Cookie does (since
you can choose what cookies you send, the only important
thing is that behaviour is relatively sane, and does the job
-- in a standards-compliant way -- with browsers). But I
suppose one can have JS code or other web app code
maintained by others, and have to understand cookies that
were emitted by that code. Is that your situation?
Do 'serious' web developers use module Cookie, or do people
now tend to use web frameworks' own cookie code (personally
I don't use cookies in my web application work). If the
former, perhaps we should not tinker with this module.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1028088&group_id=5470
More information about the Python-bugs-list
mailing list