Message230241
Thank-you Georg; I believe I was able to fix some of the failures by patching Django as you suggested.
However, I think I found another issue due to #16611 (support for httponly/secure cookies) not being backported to Python 3.2. The issue is that any cookies that appear after one that uses httponly or secure are dropped:
>>> from http.cookies import SimpleCookie
>>> c = SimpleCookie()
>>> c['a'] = 'b'
>>> c['a']['httponly'] = True
>>> c['d'] = 'e'
>>> out = c.output(header='', sep='; ')
>>> SimpleCookie(out)
<SimpleCookie: a='b'>
Here's another example using the 'domain' option to show the same flow from above working as expected:
>>> c = SimpleCookie()
>>> c['a'] = 'b'
>>> c['a']['domain'] = 'foo.com'
>>> c['d'] = 'e'
>>> out = c.output(header='', sep='; ')
>>> SimpleCookie(out)
<SimpleCookie: a='b' d='e'>
It seems to me this may warrant backporting httponly/secure support to Python 3.2 now that cookie parsing is more strict (unless Django is again relying on incorrect behavior). |
|
Date |
User |
Action |
Args |
2014-10-29 20:19:28 | Tim.Graham | set | recipients:
+ Tim.Graham, georg.brandl, pitrou, r.david.murray, berker.peksag |
2014-10-29 20:19:28 | Tim.Graham | set | messageid: <1414613968.69.0.250979041696.issue22758@psf.upfronthosting.co.za> |
2014-10-29 20:19:28 | Tim.Graham | link | issue22758 messages |
2014-10-29 20:19:28 | Tim.Graham | create | |
|