This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author trentm
Recipients mixedpuppy, rhymes, trentm
Date 2009-02-17.00:14:11
SpamBayes Score 0.0329127
Marked as misclassified No
Message-id <>
Marking this as affecting all Python versions. I've tested that in
Python 2.4, 2.5, 2.6, 2.7 and 3.0. Haven't tried 3.1.

Re-starting the problem: doesn't parse unquoted morsel values,
as Lawrence said in the original description. An unquoted "Expires"
cookie attribute is common in the wild. In fact, "Set-Cookie" headers
created by include unquoted "Expires" -- as it should given
this from RFC 2109:

   HTTP/1.1 servers must send Expires: old-date (where old-date is a
   date long in the past) on responses containing Set-Cookie response
   headers unless they know for certain (by out of band means) that
   there are no downsteam HTTP/1.0 proxies.
   Note that the Expires date format contains embedded spaces, and that
   "old" cookies did not have quotes around values.  Clients that
   implement to this specification should be aware of "old" cookies and

Here is a shell session showing how doesn't round-trip:

>>> import sys
>>> if sys.version_info[0] == 3:
...     from http.cookies import SimpleCookie
... else:
...     from Cookie import SimpleCookie
>>> a = SimpleCookie()
>>> a["test"] = "expiry"
>>> a["test"]["expires"] = 10  # expire 10s from now
>>> cookie_str = a["test"].OutputString()
>>> cookie_str
'test=expiry; expires=Tue, 17-Feb-2009 00:13:03 GMT'
>>> str(a)
'Set-Cookie: test=expiry; expires=Tue, 17-Feb-2009 00:13:19 GMT'
>>> b = SimpleCookie()
>>> b.load(cookie_str)
>>> str(b)
'Set-Cookie: test=expiry; expires=Tue,'

Patch coming...
Date User Action Args
2009-02-17 00:14:28trentmsetrecipients: + trentm, mixedpuppy, rhymes
2009-02-17 00:14:28trentmsetmessageid: <>
2009-02-17 00:14:12trentmlinkissue3073 messages
2009-02-17 00:14:11trentmcreate