Cookie encoding

Terry Hancock hancock at anansispaceworks.com
Mon Apr 29 13:44:02 EDT 2002


Hi,
I'm trying to put a builtin Python object into an HTTP
cookie for saving state information in a Zope web app.

Zope provides a simple means of doing the actual Cookie
setting (RESPONSE.setCookie()), but it fails silently
if the cookie contains illegal characters (or so it seems).

The Zope docs are pretty hostile towards the idea of using
general picklers in web apps, for security reasons, but
there's a "MiniPickle" module that will only pickle
"safe" data -- i.e. only a select set of Python objects,
like lists and dictionaries are allowed. This seems to
work fine, but the strings generated are apparently
illegal as HTTP cookie values.

So I need to encode the result into something safer. I've
tried the uu.encode, base64.encode, etc. but I'm just
taking shots in the dark (and these didn't work) -- I
figure there has to be a standard answer to this
problem.  There is a "Cookie" module, which looks
interesting, but it seems to want to make the whole
HTTP set-cookie line, not just the legal value.  So
I'm not sure if I can make that play well with Zope.
I picked through the Cookie.py code, and indeed there
is an encoding/quoting function inside it, but it's
a "private" method (begins with "_"), so I gather
it would be unwise to use that directly.

I'm sure I could actually write a custom encoder that
would work, but I'd prefer to do it "right".

Anyway, thanks for any advice on this!

Terry

-- 
------------------------------------------------------
Terry Hancock
hancock at anansispaceworks.com       
Anansi Spaceworks                 
http://www.anansispaceworks.com 
------------------------------------------------------
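
An added example, not part of the original post or of Zope: one way to turn list/dict state into a legal cookie value in current Python 3, using URL-safe base64 plus an HMAC tag so that a value altered by the client is rejected when it comes back. JSON stands in for MiniPickle here, and `SECRET_KEY`, `encode_state` and `decode_state` are hypothetical names chosen for the illustration.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed demo key (assumption): a real app loads its secret from server-side config.
SECRET_KEY = b"constructed-demo-key-not-for-production"
# cookie-octet from RFC 6265: printable US-ASCII except space, DQUOTE, comma, semicolon, backslash.
COOKIE_OCTETS = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+")


def _b64(raw: bytes) -> str:
    # URL-safe alphabet, no newlines; strip '=' padding so only [A-Za-z0-9_-] remains.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    # Restore the padding that _b64 stripped before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_state(state) -> str:
    """Serialize lists/dicts/strings/numbers to a signed, cookie-legal value."""
    payload = _b64(json.dumps(state, separators=(",", ":")).encode("utf-8"))
    tag = _b64(hmac.new(SECRET_KEY, payload.encode("ascii"), hashlib.sha256).digest())
    value = payload + "." + tag
    if not COOKIE_OCTETS.fullmatch(value):
        raise ValueError("value contains characters illegal in a cookie")
    return value


def decode_state(value: str):
    """Return the stored state, or None if the cookie is malformed or altered."""
    try:
        payload, tag = value.split(".")
        expected = hmac.new(SECRET_KEY, payload.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(payload).decode("utf-8"))
    except (ValueError, UnicodeError):
        return None


if __name__ == "__main__":
    cookie = encode_state({"cart": [1, 2, 3], "user": "terry; path=/"})
    print(cookie, decode_state(cookie))
```

The returned string is what would be handed to RESPONSE.setCookie() as the value. Because JSON is the stand-in serializer, tuples come back as lists and dictionary keys must be strings.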




