This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author martin.panter
Recipients georg.brandl, karlcow, keakon, martin.panter, spookylukey, terry.reedy
Date 2016-02-08.07:11:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The current Python 3.5 and default branches actually seem to parse the test case given:

>>> c = SimpleCookie()
>>> c.load(",BRIDGE_R=; a=b; user_id=1;")
>>> c
<SimpleCookie: ,BRIDGE_R='' a='b' user_id='1'>

But that is just a side effect of Issue 26302. When that is fixed, parsing the cookie string will raise CookieError and fail to set the invalid cookie “morsel”, and the ones that come after it.

There seems to be a disconnect between _LegalChars (causes the CookieError if a comma is in a cookie key name) and _LegalKeyChars (allows a comma, but causes cookie string parsing to silently abort for other illegal characters).

There are other cases where the entire cookie string is rejected, specifically added by Issue 22796 (revision a065ab1c67a8).

On the other hand, Issue 25228 has a which has a patch to skip over some invalid cookie “morsels” and continue on to valid ones.
Date User Action Args
2016-02-08 07:11:05martin.pantersetrecipients: + martin.panter, georg.brandl, terry.reedy, karlcow, spookylukey, keakon
2016-02-08 07:11:05martin.pantersetmessageid: <>
2016-02-08 07:11:04martin.panterlinkissue17340 messages
2016-02-08 07:11:03martin.pantercreate