'/' not allowed in cookie name?

Andrew Dalke dalke at dalkescientific.com
Thu Feb 14 23:58:22 CET 2002


Oliver Rutherfurd:
> I'm ... receiving a cookie.CookieError when a server I am
> connecting to sends me a cookie with '/' in the name.
   ...
> After spending a little time reading http://www.faqs.org/rfcs/rfc2109.html
> I am still not any closer to understanding whether '/' is a legal value
> that the cookie module should accept in a name, or whether the server
> is misbehaving.

That RFC defines the format for the cookie syntax, in 4.1

   av-pairs        =       av-pair *(";" av-pair)
   av-pair         =       attr ["=" value]        ; optional value
   attr            =       token
   value           =       word
   word            =       token | quoted-string

The "attr" is the name (before the "="), which you want to be 1/2.
The specification for token is defined in RFC 2068 as

    token          = 1*<any CHAR except CTLs or tspecials>

where

    tspecials      = "(" | ")" | "<" | ">" | "@"
                         | "," | ";" | ":" | "\" | <">
                         | "/" | "[" | "]" | "?" | "="
                         | "{" | "}" | SP | HT

So token cannot contain "/", which means "1/2" is not a valid
cookie name.

As to if some clients and servers let you use illegal cookie
names ... that's a different thing.

                    Andrew
                    dalke at dalkescientific.com







More information about the Python-list mailing list