So I've made two changes. First, I'm using sha instead of md5 to generate the hash of password+current_time+expires_time -- I don't think this'll make any real difference. Second, I'm `hexlifying' the cookie value. This guarantees that the value will contain only characters [0-9][a-f] so no quoting should be necessary and there will be no strange characters to confuse things.
OK, I'm probably missing something again, but this looks completely broken to me. unhexlify is using int(c, 16), but there is no such 2-argument int that I can find in Python 1.5.2.
Barry, the following patch made cookies work again, but they were utterly broken before this patch, and I don't understand how you could have thought they were not...so is there a 2-argument int() in some unreleased Python or something?...
*** Utils.py.orig Thu Jul 20 02:57:17 2000 --- Utils.py Thu Jul 20 02:57:44 2000
*** 627,631 **** def unhexlify(s): acc = [] for i in range(0, len(s), 2): ! acc.append(chr(int(s[i], 16)*16 + int(s[i+1], 16))) return string.join(acc, '') --- 627,631 ---- def unhexlify(s): acc = [] for i in range(0, len(s), 2): ! acc.append(chr(string.atol(s[i], 16)*16 + string.atol(s[i+1], 16))) return string.join(acc, '')