Message 193274 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	julien.phalip
Recipients	eric.araujo, ezio.melotti, flox, jdennis, julien.phalip, r.david.murray
Date	2013-07-18.09:47:12
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1374140833.96.0.881692338775.issue16611@psf.upfronthosting.co.za>
In-reply-to

Content
I'm attaching a suggested patch to fix the issues relating to serializing/deserializing the httponly and secure flags. The main idea is that for a flag to be active, it needs to both be set and have the True value. I think this is a much more correct and saner approach than the current implementation. As it's been discussed previously, currently the httponly and secure flag are systematically given the empty string as default value when instantiating a Morsel object. So one would infer that the empty string means that the flags are inactive. However, when deserializing a Morsel object, the empty string is used to indicate that a flag is active. Both behaviors contradict each other. While the suggested change is backwards-incompatible, it would break the code of developers relying on an inconsistent behavior. So perhaps this might be compelling enough to allow breaking backwards compatibility in this case. Let me know what you think. Thanks!

I'm attaching a suggested patch to fix the issues relating to serializing/deserializing the httponly and secure flags. The main idea is that for a flag to be active, it needs to both be set and have the True value.

I think this is a much more correct and saner approach than the current implementation. As it's been discussed previously, currently the httponly and secure flag are systematically given the empty string as default value when instantiating a Morsel object. So one would infer that the empty string means that the flags are inactive. However, when deserializing a Morsel object, the empty string is used to indicate that a flag is active. Both behaviors contradict each other.

While the suggested change is backwards-incompatible, it would break the code of developers relying on an inconsistent behavior. So perhaps this might be compelling enough to allow breaking backwards compatibility in this case.

Let me know what you think. Thanks!

History
Date	User	Action	Args
2013-07-18 09:47:14	julien.phalip	set	recipients: + julien.phalip, ezio.melotti, eric.araujo, r.david.murray, flox, jdennis
2013-07-18 09:47:13	julien.phalip	set	messageid: <1374140833.96.0.881692338775.issue16611@psf.upfronthosting.co.za>
2013-07-18 09:47:13	julien.phalip	link	issue16611 messages
2013-07-18 09:47:13	julien.phalip	create