This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Tim.Graham
Recipients Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
Date 2014-10-29.20:19:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Thank-you Georg; I believe I was able to fix some of the failures by patching Django as you suggested.

However, I think I found another issue due to #16611 (support for httponly/secure cookies) not being backported to Python 3.2. The issue is that any cookies that appear after one that uses httponly or secure are dropped:

>>> from http.cookies import SimpleCookie
>>> c = SimpleCookie()
>>> c['a'] = 'b'
>>> c['a']['httponly'] = True
>>> c['d'] = 'e'
>>> out = c.output(header='', sep='; ')
>>> SimpleCookie(out)
<SimpleCookie: a='b'>

Here's another example using the 'domain' option to show the same flow from above working as expected:

>>> c = SimpleCookie()
>>> c['a'] = 'b'
>>> c['a']['domain'] = ''
>>> c['d'] = 'e'
>>> out = c.output(header='', sep='; ')
>>> SimpleCookie(out)
<SimpleCookie: a='b' d='e'>

It seems to me this may warrant backporting httponly/secure support to Python 3.2 now that cookie parsing is more strict (unless Django is again relying on incorrect behavior).
Date User Action Args
2014-10-29 20:19:28Tim.Grahamsetrecipients: + Tim.Graham, georg.brandl, pitrou, r.david.murray, berker.peksag
2014-10-29 20:19:28Tim.Grahamsetmessageid: <>
2014-10-29 20:19:28Tim.Grahamlinkissue22758 messages
2014-10-29 20:19:28Tim.Grahamcreate