Message 232020 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	demian.brecht
Recipients	demian.brecht
Date	2014-12-02.16:59:37
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1417539577.52.0.585535774996.issue22983@psf.upfronthosting.co.za>
In-reply-to

Content
As found in #22931, if an invalid cookie value is found while parsing, the rest of the cookie is silently ignored. The expected behavior is undefined in RFC 6265, but does state that if unexpected values are encountered that user agents MAY ignore an entire set-cookie string (not just a subsection of it). Given that, invalid cookie portions should likely be handled by either: 1. Ignore the cookie string in its entirety and log an error message, or 2. Ignore invalid cookie-pairs but still parse the rest of the string The latter would likely be the best path (Postel's law and all)

As found in #22931, if an invalid cookie value is found while parsing, the rest of the cookie is silently ignored. The expected behavior is undefined in RFC 6265, but does state that if unexpected values are encountered that user agents MAY ignore an entire set-cookie string (not just a subsection of it). Given that, invalid cookie portions should likely be handled by either:

1. Ignore the cookie string in its entirety and log an error message, or
2. Ignore invalid cookie-pairs but still parse the rest of the string

The latter would likely be the best path (Postel's law and all)

History
Date	User	Action	Args
2014-12-02 16:59:37	demian.brecht	set	recipients: + demian.brecht
2014-12-02 16:59:37	demian.brecht	set	messageid: <1417539577.52.0.585535774996.issue22983@psf.upfronthosting.co.za>
2014-12-02 16:59:37	demian.brecht	link	issue22983 messages
2014-12-02 16:59:37	demian.brecht	create