Title: CookieJar cookies should not be sorted
Type: behavior Stage: patch review
Components: Library (Lib) Versions: Python 3.10
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: IKermani, rhettinger
Priority: normal Keywords: patch

Created on 2020-10-18 08:59 by IKermani, last changed 2020-10-19 19:38 by rhettinger.

Pull Requests
URL Status Linked Edit
PR 22745 open IKermani, 2020-10-18 13:07
Messages (2)
msg378855 - (view) Author: Iman Kermani (IKermani) * Date: 2020-10-18 08:59

By default python handle cookies based on regular Netscape cookie protocol and the protocol defined by RFC 2965.

There is a behavior in python which sort cookies in CookieJar by default:

Moreover there is no definition in the 2965 about the cookie ordering in Cookie Header when cookies have equal-length path fields.

This is a undesirable behavior when working with certain libraries like requests.
In this case browser implements the RFC 6265 which obsoletes the RFC 2965. Therefore The behavior is based on
"The user agent SHOULD sort the cookie-list in the following order:
Cookies with longer paths are listed before cookies with shorter paths.
Among cookies that have equal-length path fields, cookies with earlier creation-times are listed before cookies with later creation-times."

This means that the order of the cookies with same path attribute in Cookie header follow the Set-Cookie order in the HTTP response.

RFC 6265 compliance is not what this issue is meant rather it imply on the sorting of cookies which is unnecessary here and not mentioned in RFC 2965 or the regular Netscape cookie protocol.

Thanks in advance for looking into this issue

msg378882 - (view) Author: Raymond Hettinger (rhettinger) * (Python committer) Date: 2020-10-18 18:11
The seems reasonable to me.  Likely, the sorting was originally added to make the execution order deterministic.  Now that dicts remember insertion order, that is no longer necessary.  Helpfully, the docs do not specify sorting, so there is no guaranteed behavior.  That said, there is some risk that applications or their tests depend on the existing behavior.
Date User Action Args
2020-10-19 19:38:23rhettingersetversions: - Python 3.6, Python 3.7, Python 3.8, Python 3.9
2020-10-18 18:11:03rhettingersetnosy: + rhettinger
messages: + msg378882
2020-10-18 13:07:14IKermanisetkeywords: + patch
stage: patch review
pull_requests: + pull_request21707
2020-10-18 08:59:25IKermanicreate