[ python-Bugs-1660009 ] continuing problem with httplib multiple set-cookie headers
SourceForge.net
noreply at sourceforge.net
Wed Mar 14 22:10:00 CET 2007
Bugs item #1660009, was opened at 2007-02-14 19:52
Message generated for change (Comment added) made by davidma
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1660009&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Python 2.3
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: David Margrave (davidma)
Assigned to: Nobody/Anonymous (nobody)
Summary: continuing problem with httplib multiple set-cookie headers
Initial Comment:
This is related to [ 432621 ] httplib: multiple Set-Cookie headers, which I was unable to re-open.
The workaround that was adopted in the previous bug tracker item was to combine multiple set-cookie headers received from the server, into a single set-cookie element in the headers dictionary, with the cookies joined into a comma-separated string.
The problem arises when a comma character appears inside the 'expires' field of one of the cookies. This makes it difficult to split the cookie headers back apart. The comma character should be escaped, or a different separator character used.
i.e.
expires=Sun, 17-Jan-2038 19:14:07 GMT
For now I am using the workaround that gstein suggested, use response.msg.getallmatchingheaders()
Python 2.3 has this behavior, and probably later versions.
----------------------------------------------------------------------
>Comment By: David Margrave (davidma)
Date: 2007-03-14 21:10
Message:
Logged In: YES
user_id=31040
Originator: YES
getallmatchingheaders() works fine.
The problem is with the self.headers in the SimpleHTTPRequestHandler and
derived classes.
A website may send multiple set-cookie headers, using gmail.com as an
example:
Set-Cookie: GMAIL_RTT=EXPIRED; Domain=.google.com; Expires=Tue, 13-Mar-07
21:03:04 GMT; Path=/mail
Set-Cookie: GMAIL_LOGIN=EXPIRED; Domain=.google.com; Expires=Tue,
13-Mar-07 21:03:04 GMT; Path=/mail
The SimpleHTTPRequestHandler class combines multiple set-cookie response
headers into a single comma-separated string which it stores in the headers
dictionary
i.e.
self.headers ['set-cookie'] = GMAIL_RTT=EXPIRED; Domain=.google.com;
Expires=Tue, 13-Mar-07 21:03:04 GMT; Path=/mail, GMAIL_LOGIN=EXPIRED;
Domain=.google.com; Expires=Tue, 13-Mar-07 21:03:04 GMT; Path=/mail
The problem is if you try to use code that uses self.headers['set-cookie']
and use string.split to get the original distinct cookie values on the
comma delimiter, you'll run into trouble because of the use of the comma
character within the cookies' expiration tags, such as Expires=Tue,
13-Mar-07 21:03:04 GMT
Again, getallmatchingheaders() is fine as an alternative, but as long as
you are going to the trouble of storing multiple set-cookie response
headers in the self.headers dict, using a delimiter of some sort, I'd argue
you might as well also take care that your delimiter is either unique or
escaped within the fields you are delimiting.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2007-03-14 20:48
Message:
Logged In: YES
user_id=261020
Originator: NO
I'm not sure what your complaint is. What's wrong with
response.msg.getallmatchingheaders()?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1660009&group_id=5470
More information about the Python-bugs-list
mailing list