This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author julien.phalip
Recipients eric.araujo, ezio.melotti, flox, jdennis, julien.phalip, r.david.murray
Date 2013-08-25.00:02:49
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Thanks for the review and new patch, David! Your approach makes sense and the patch looks good to me.

However, regarding backwards-compatibility, is that really a concern?

Currently the deserialization process systematically 1) Adds the 'httponly' and 'secure' dict keys to the cookie object and 2) Puts an empty string value for those keys, regardless of whether those flags are present or not in the loaded string. So currently nobody's code could possibly rely on any particular state or behavior in the cookie object to determine if those flags were originally present in the loaded string.

I guess I'm wondering what could possibly break in people's code if we now implemented a fully logical fix for this. What do you think?
Date User Action Args
2013-08-25 00:02:50julien.phalipsetrecipients: + julien.phalip, ezio.melotti, eric.araujo, r.david.murray, flox, jdennis
2013-08-25 00:02:50julien.phalipsetmessageid: <>
2013-08-25 00:02:50julien.phaliplinkissue16611 messages
2013-08-25 00:02:49julien.phalipcreate