[Python-bugs-list] [ python-Bugs-432621 ] httplib: multiple Set-Cookie headers
noreply@sourceforge.net
noreply@sourceforge.net
Sun, 07 Jul 2002 09:52:05 -0700
Bugs item #432621, was opened at 2001-06-13 02:20
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=432621&group_id=5470
Category: Python Library
Group: Python 2.2
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Jeremy Hylton (jhylton)
Summary: httplib: multiple Set-Cookie headers
Initial Comment:
httplib does not support multiple headers of the same
name, because the headers are stored in a dictionary.
This causes a problem because an HTTP response can
contain multiple "Set-Cookie".
It is stated in RFC2109 - HTTP State Management
Mechanism that "An origin server may include multiple
Set-Cookie headers in a response. "
With the current python implementation, only the
last "Set-Cookie" header is included in the headers
dictionary, effectively meaning that the other cookies
were lost.
----------------------------------------------------------------------
>Comment By: Jeremy Hylton (jhylton)
Date: 2002-07-07 16:52
Message:
Logged In: YES
user_id=31392
Fixed in rev 1.57 of httplib.py
----------------------------------------------------------------------
Comment By: Greg Stein (gstein)
Date: 2001-08-31 04:23
Message:
Logged In: YES
user_id=6501
I've been using it for Expat, but that still isn't
authoritative :-) Basically, I'm trying to suggest that the
bug has been "accepted as a real bug" and will be
addressed. Sort of a "started", if you will, rather than
leaving it in the indeterminate Open/None
status/resolution. When it gets fixed, the resolution will
be "Fixed"
I kind of see it as a way to let the submitter know that
their bug has been considered and acknowledged and will be
fixed.
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2001-08-31 03:37
Message:
Logged In: YES
user_id=6380
Greg: this is a new use of "Accepted" for me. We've only
used "Accepted" for accepted *patches*. Bugs to be fixed
simply remain open until they are fixed; I'm not sure I see
the value of changing the status. Were you innovating here,
or is this common usage in other projects?
----------------------------------------------------------------------
Comment By: Greg Stein (gstein)
Date: 2001-08-31 02:52
Message:
Logged In: YES
user_id=6501
Use response.msg.getallmatchingheaders() as a workaround.
That said: the default operation of HTTPResponse.getheader
() should use the same, since HTTP headers can (by
definition) use multiple headers. And HTTP defines a way to
join those headers into one.
The solution here is to not return a list of header values
(thus, breaking backwards compat), but to join them per the
specification (with a ",").
I'm reclassifying this as an Accepted bug due to fix in
Python 2.2.
----------------------------------------------------------------------
Comment By: Barry A. Warsaw (bwarsaw)
Date: 2001-08-30 21:10
Message:
Logged In: YES
user_id=12800
Please use RFC 2822 instead of 822 as the former has
replaced the latter. RFC 2822 describes the number of times
standard headers must or can appear in a mail message.
AFAIK, rfc822.py does no such enforcement (and there are
good reasons to have both strict and lenient modes).
My own mimelib (soon to be renamed and installed in the
standard library) accepts duplicates by keeping headers in a
list instead of a dictionary and searching the list linearly
for hits. The speed advantages of a dictionary are probably
minimal for typical mail messages, so a linear search, which
preserves insertion order and duplicate order, is fine in
practice.
mimelib does not, but should have both a strict and lenient
mode where duplicates breaking the standard are either
allowed or flagged as errors.
----------------------------------------------------------------------
Comment By: Steve Holden (holdenweb)
Date: 2001-07-17 11:49
Message:
Logged In: YES
user_id=88157
RFC 822-compliant mail messages frequently contain several
"Received-By:" headers. I cannot remember anything in the
standard which speaks to the general case. There may well
be headers whose semantics require enforcement of
the "There can be only one" variety, but equally some
others must be treated the same as "Received-By:".
In so far as RFC 2616 [HTTP/1.1] says "Unrecognized header
fields SHOULD be ignored by the recipient and MUST be
forwarded by transparent proxies." (section 7.1: Entity
header fields) this is an argument for being able to handle
many unknown headers of the same type in the general case.
For correct processing it is therefore necessary to hold
headers as lists, or in some other way which allows
multiple headers of the same type. Fortunately there
appears to be no need to emit headers in the same order
they were seen in the original to preserve meaning.
----------------------------------------------------------------------
Comment By: Andrew Gaul (gaul)
Date: 2001-07-15 01:20
Message:
Logged In: YES
user_id=139865
I'm willing to fix this, but I could use some clarification
of the relevant RFCs (822 and 2045). Do either of these
allow multiple headers with the same field names? I get the
impression from looking around in Google that reusing a
field is discouraged, but necessary for things like HTTP's
Set-Cookie header.
If one or both of the standards allow the above, I'll add an
optional argument (defaulting to the current behaviour) that
controls the handling of duplicate field names. If the flag
is passed, any field name having more than one value will
return the duplicate values in a list. For example:
foo: yes
bar: false
bar: true
will be returned as {foo: yes, bar: [false, true]}
as opposed to the old return value {foo: yes, bar: true}
HTTPResponse will always use this new behaviour, which may
break some programs that rely on the old behaviour.
Does anyone have comments before I code up this solution?
While I am concerned about breaking compatibility, it seems
like a correctness issue that headers aren't handled properly.
----------------------------------------------------------------------
Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2001-07-04 06:01
Message:
Logged In: YES
user_id=3066
Categorized as a feature request.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=432621&group_id=5470