Message 183367 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	keakon
Recipients	georg.brandl, keakon, spookylukey
Date	2013-03-03.11:10:32
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1362309033.05.0.860433762185.issue17340@psf.upfronthosting.co.za>
In-reply-to

Content
One of my user told me that she couldn't login to my website yesterday. I logged her cookie, and found it began with ',BRIDGE_R=;' which was a malformed cookie. Tornado uses Cookie.SimpleCookie.load() to parse her cookie, and returns an empty dict when catching an exception such as CookieError. In that case, Tornado has to treat her as a new user since it believes she didn't provide any cookies. Even after Tornado tried to set cookie (like user_id) for her, it still couldn't parse her cookie the next time. I checked Issue2193 and found the patch provided by spookylukey could fix the bug, but it was rejected. Why not add a default parameter like strict=True, and let users to decide whether to ignore invalid keys or to raise an error? I believe SimpleCookie is useless for handling malformed cookies right now. If it's still not acceptable, should I implement my own Cookie class for Tornado like Django did (https://github.com/django/django/blob/master/django/http/cookie.py)?

One of my user told me that she couldn't login to my website yesterday. I logged her cookie, and found it began with ',BRIDGE_R=;' which was a malformed cookie.
Tornado uses Cookie.SimpleCookie.load() to parse her cookie, and returns an empty dict when catching an exception such as CookieError.

In that case, Tornado has to treat her as a new user since it believes she didn't provide any cookies.
Even after Tornado tried to set cookie (like user_id) for her, it still couldn't parse her cookie the next time.

I checked Issue2193 and found the patch provided by spookylukey could fix the bug, but it was rejected.
Why not add a default parameter like strict=True, and let users to decide whether to ignore invalid keys or to raise an error?

I believe SimpleCookie is useless for handling malformed cookies right now.
If it's still not acceptable, should I implement my own Cookie class for Tornado like Django did (https://github.com/django/django/blob/master/django/http/cookie.py)?

History
Date	User	Action	Args
2013-03-03 11:10:33	keakon	set	recipients: + keakon, georg.brandl, spookylukey
2013-03-03 11:10:33	keakon	set	messageid: <1362309033.05.0.860433762185.issue17340@psf.upfronthosting.co.za>
2013-03-03 11:10:32	keakon	link	issue17340 messages
2013-03-03 11:10:32	keakon	create