[issue42066] CookieJar cookies should not be sorted

[Iman Kermani]

New submission from Iman Kermani <imankermani at hotmail.com>:

Lib/http/cookiejar.py

By default python handle cookies based on regular Netscape cookie protocol and the protocol defined by RFC 2965.

There is a behavior in python which sort cookies in CookieJar by default:
https://github.com/python/cpython/blob/975d10a4f8f5d99b01d02fc5f99305a86827f28e/Lib/http/cookiejar.py#L1220

Moreover there is no definition in the 2965 about the cookie ordering in Cookie Header when cookies have equal-length path fields.

This is a undesirable behavior when working with certain libraries like requests. https://github.com/psf/requests/issues/5630
 
In this case browser implements the RFC 6265 which obsoletes the RFC 2965. Therefore The behavior is based on https://tools.ietf.org/html/rfc6265#section-5.4:
"The user agent SHOULD sort the cookie-list in the following order:
Cookies with longer paths are listed before cookies with shorter paths.
Among cookies that have equal-length path fields, cookies with earlier creation-times are listed before cookies with later creation-times."

This means that the order of the cookies with same path attribute in Cookie header follow the Set-Cookie order in the HTTP response.

RFC 6265 compliance is not what this issue is meant rather it imply on the sorting of cookies which is unnecessary here and not mentioned in RFC 2965 or the regular Netscape cookie protocol.

Thanks in advance for looking into this issue

Regards.

----------
components: Library (Lib)
messages: 378855
nosy: IKermani
priority: normal
severity: normal
status: open
title: CookieJar cookies should not be sorted
type: behavior
versions: Python 3.10, Python 3.6, Python 3.7, Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42066>
_______________________________________