Message82286
Marking this as affecting all Python versions. I've tested that in
Python 2.4, 2.5, 2.6, 2.7 and 3.0. Haven't tried 3.1.
Re-starting the problem: Cookie.py doesn't parse unquoted morsel values,
as Lawrence said in the original description. An unquoted "Expires"
cookie attribute is common in the wild. In fact, "Set-Cookie" headers
created by Cookie.py include unquoted "Expires" -- as it should given
this from RFC 2109:
HTTP/1.1 servers must send Expires: old-date (where old-date is a
date long in the past) on responses containing Set-Cookie response
headers unless they know for certain (by out of band means) that
there are no downsteam HTTP/1.0 proxies.
...
Note that the Expires date format contains embedded spaces, and that
"old" cookies did not have quotes around values. Clients that
implement to this specification should be aware of "old" cookies and
Expires.
Here is a shell session showing how Cookie.py doesn't round-trip:
>>> import sys
>>> if sys.version_info[0] == 3:
... from http.cookies import SimpleCookie
... else:
... from Cookie import SimpleCookie
...
>>> a = SimpleCookie()
>>> a["test"] = "expiry"
>>> a["test"]["expires"] = 10 # expire 10s from now
>>> cookie_str = a["test"].OutputString()
>>> cookie_str
'test=expiry; expires=Tue, 17-Feb-2009 00:13:03 GMT'
>>> str(a)
'Set-Cookie: test=expiry; expires=Tue, 17-Feb-2009 00:13:19 GMT'
>>>
>>> b = SimpleCookie()
>>> b.load(cookie_str)
>>> str(b)
'Set-Cookie: test=expiry; expires=Tue,'
Patch coming... |
|
Date |
User |
Action |
Args |
2009-02-17 00:14:28 | trentm | set | recipients:
+ trentm, mixedpuppy, rhymes |
2009-02-17 00:14:28 | trentm | set | messageid: <1234829668.32.0.777641716811.issue3073@psf.upfronthosting.co.za> |
2009-02-17 00:14:12 | trentm | link | issue3073 messages |
2009-02-17 00:14:11 | trentm | create | |
|