Message183367
One of my user told me that she couldn't login to my website yesterday. I logged her cookie, and found it began with ',BRIDGE_R=;' which was a malformed cookie.
Tornado uses Cookie.SimpleCookie.load() to parse her cookie, and returns an empty dict when catching an exception such as CookieError.
In that case, Tornado has to treat her as a new user since it believes she didn't provide any cookies.
Even after Tornado tried to set cookie (like user_id) for her, it still couldn't parse her cookie the next time.
I checked Issue2193 and found the patch provided by spookylukey could fix the bug, but it was rejected.
Why not add a default parameter like strict=True, and let users to decide whether to ignore invalid keys or to raise an error?
I believe SimpleCookie is useless for handling malformed cookies right now.
If it's still not acceptable, should I implement my own Cookie class for Tornado like Django did (https://github.com/django/django/blob/master/django/http/cookie.py)? |
|
Date |
User |
Action |
Args |
2013-03-03 11:10:33 | keakon | set | recipients:
+ keakon, georg.brandl, spookylukey |
2013-03-03 11:10:33 | keakon | set | messageid: <1362309033.05.0.860433762185.issue17340@psf.upfronthosting.co.za> |
2013-03-03 11:10:32 | keakon | link | issue17340 messages |
2013-03-03 11:10:32 | keakon | create | |
|