Message 139432 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	spookylukey
Recipients	BM, BreamoreBoy, aclover, akuchling, carsten.klein, dstanek, georg.brandl, jerry.seutter, jjlee, karlcow, r.david.murray, spookylukey, tim.peters
Date	2011-06-29.15:33:59
SpamBayes Score	2.506324e-05
Marked as misclassified	No
Message-id	<1309361640.32.0.0510299864774.issue2193@psf.upfronthosting.co.za>
In-reply-to

Content
I had a quick look, and there are these relevant bits: << There are two audiences for this specification: developers of cookie-generating servers and developers of cookie-consuming user agents. >> And: << To maximize interoperability with user agents, servers should limit themselves to the well-behaved profile defined in Section 4 when generating cookies. >> So, the document doesn't tell servers how to parse cookies, only how to generate them. With regards to generation, there is basically no change - we still disallow programmers to set cookie names that are not a 'token', as defined by section 4 of that document, which is the same as RFC 2109 in terms of valid cookie names if you look at it. It is not obvious to me that Python's BaseCookie implementation obeys RFC 2109 (due to the way character lists are defined in the opposite way), but if you believe the comments in the module then it does. I haven't read the rest of RFC 6265 and checked BaseCookie against it - that would be a much bigger job. But with respect to the change in my patch, it looks like we are all OK.

I had a quick look, and there are these relevant bits:

<< There are two audiences for this specification: developers of cookie-generating servers and developers of cookie-consuming user agents. >>

And:

<< To maximize interoperability with user agents, servers should limit themselves to the well-behaved profile defined in Section 4 when generating cookies. >>

So, the document doesn't tell servers how to parse cookies, only how to generate them.

With regards to generation, there is basically no change - we still disallow programmers to set cookie names that are not a 'token', as defined by section 4 of that document, which is the same as RFC 2109 in terms of valid cookie names if you look at it. It is not obvious to me that Python's BaseCookie implementation obeys RFC 2109 (due to the way character lists are defined in the opposite way), but if you believe the comments in the module then it does.

I haven't read the rest of RFC 6265 and checked BaseCookie against it - that would be a much bigger job. But with respect to the change in my patch, it looks like we are all OK.

History
Date	User	Action	Args
2011-06-29 15:34:00	spookylukey	set	recipients: + spookylukey, tim.peters, akuchling, georg.brandl, jjlee, dstanek, jerry.seutter, BM, aclover, r.david.murray, karlcow, BreamoreBoy, carsten.klein
2011-06-29 15:34:00	spookylukey	set	messageid: <1309361640.32.0.0510299864774.issue2193@psf.upfronthosting.co.za>
2011-06-29 15:33:59	spookylukey	link	issue2193 messages
2011-06-29 15:33:59	spookylukey	create