This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author keakon
Recipients georg.brandl, keakon, spookylukey
Date 2013-03-03.11:10:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
One of my user told me that she couldn't login to my website yesterday. I logged her cookie, and found it began with ',BRIDGE_R=;' which was a malformed cookie.
Tornado uses Cookie.SimpleCookie.load() to parse her cookie, and returns an empty dict when catching an exception such as CookieError.

In that case, Tornado has to treat her as a new user since it believes she didn't provide any cookies.
Even after Tornado tried to set cookie (like user_id) for her, it still couldn't parse her cookie the next time.

I checked Issue2193 and found the patch provided by spookylukey could fix the bug, but it was rejected.
Why not add a default parameter like strict=True, and let users to decide whether to ignore invalid keys or to raise an error?

I believe SimpleCookie is useless for handling malformed cookies right now.
If it's still not acceptable, should I implement my own Cookie class for Tornado like Django did (
Date User Action Args
2013-03-03 11:10:33keakonsetrecipients: + keakon, georg.brandl, spookylukey
2013-03-03 11:10:33keakonsetmessageid: <>
2013-03-03 11:10:32keakonlinkissue17340 messages
2013-03-03 11:10:32keakoncreate