classification
Title: SimpleCookie fails to parse any cookie if an entry has whitespace in the name
Type: behavior Stage:
Components: Library (Lib) Versions: Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Adam Davis, infinitewarp
Priority: normal Keywords:

Created on 2017-09-13 18:46 by Adam Davis, last changed 2017-10-11 04:06 by Adam Davis.

Messages (3)
msg302105 - (view) Author: Adam Davis (Adam Davis) Date: 2017-09-13 18:46
```>>> from http.cookies import SimpleCookie
>>> cookie_string = "ASDF=stuff; ASDF space=more stuff"
>>> cookie = SimpleCookie()
>>> cookie.load(cookie_string)
>>> cookie.items()
dict_items([])
>>> cookie_string = "ASDF=stuff"
>>> cookie.load(cookie_string)
>>> cookie.items()
dict_items([('ASDF', <Morsel: ASDF=stuff>)])```

cookie.load should throw an error, or at least parse the cookies it can parse.
msg304102 - (view) Author: Brad Smith (infinitewarp) * Date: 2017-10-11 02:47
According to RFC-6265 (which also references RFC-2616 to define "tokens"), the space character (and whitespace in general) is not valid in cookie-names or cookie-values.

RFC-6265: https://tools.ietf.org/html/rfc6265#section-4.1.1
RFC-2616: https://tools.ietf.org/html/rfc2616#section-2.2

I think it's reasonable for Python to quietly throw away malformed NAME=VALUE pairs since web browsers are likely doing the same.
msg304104 - (view) Author: Adam Davis (Adam Davis) Date: 2017-10-11 04:06
Quietly throw out the one bad value, sure. You lose all cookies in your cookie string in this scenario. 

I'd expect "ASDF=stuff; ASDF space=more stuff" to at least kick out the values that are legal.
History
Date User Action Args
2017-10-11 04:06:24Adam Davissetmessages: + msg304104
2017-10-11 02:47:10infinitewarpsetnosy: + infinitewarp
messages: + msg304102
2017-09-13 18:46:23Adam Daviscreate