This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author xtreak
Recipients benjamin.peterson, larry, martin.panter, miss-islington, ned.deily, orsenthil, serhiy.storchaka, xtreak
Date 2019-03-10.18:37:34
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The backport to 3.5 might require manual work since I used f-strings for tests that are not present in 3.5 and below. 2.7 is also affected and as I backported the tests and cookie set with path=/foo is sent on request to /foobad/foo . The module is present under Lib/ and might also require a different backport. Since this applies RFC 6265 definition that is more stricter and concrete than RFC 2965 I am not sure if this might break someone's code though there is a bug in the paths to which the cookie is sent. I am adding Larry and Benjamin who can take a call on backport and if a backport is needed I will be happy to open respective PRs.

The code in 2.7 also performs the same prefix match at that was fixed as per RFC 6265 .

    def path_return_ok(self, path, request):
        _debug("- checking cookie path=%s", path)
        req_path = request_path(request)
        if not req_path.startswith(path):
            _debug("  %s does not path-match %s", req_path, path)
            return False
        return True

$ ./python.exe
Python 2.7.16+ (remotes/upstream/2.7-dirty:55438d7139, Mar 10 2019, 23:35:15)
[GCC 4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
$ ./python.exe -m unittest -v test.test_cookielib.CookieTests.test_path_prefix_match
test_path_prefix_match (test.test_cookielib.CookieTests) ... FAIL

FAIL: test_path_prefix_match (test.test_cookielib.CookieTests)
Traceback (most recent call last):
  File "/Users/karthikeyansingaravelan/stuff/python/cpython/Lib/test/", line 673, in test_path_prefix_match
    self.assertNotIn('spam=eggs', h, "cookie set for {0}".format(path))
AssertionError: cookie set for /foobad/foo

Ran 1 test in 0.010s

FAILED (failures=1)
Date User Action Args
2019-03-10 18:37:35xtreaksetrecipients: + xtreak, orsenthil, larry, benjamin.peterson, ned.deily, martin.panter, serhiy.storchaka, miss-islington
2019-03-10 18:37:35xtreaksetmessageid: <>
2019-03-10 18:37:35xtreaklinkissue35647 messages
2019-03-10 18:37:34xtreakcreate