#931: CherryPy (3.1.2) chokes on invalid cookies
-----------------------------+----------------------------------------------
Reporter:
la...@oddbit.com | Owner: fumanchu
Type: defect | Status: assigned
Priority: normal | Milestone: 3.2
Component: CherryPy code | Resolution:
Keywords: |
-----------------------------+----------------------------------------------
Changes (by fumanchu):
* milestone: => 3.2
* status: new => assigned
Old description:
> I asked one of our support staff to test out a CherryPy based web
> application at
host.dept.example.com. The application returned an HTTP
> 400 error code with the following message:
>
> HTTPError(400, "Illegal cookie name __utmz")
>
> The __utmz cookie actually comes from a web site at
www.example.com, so
> it's completely outside of our control. I don't think CherryPy should be
> throwing an exception in this situation. I've simply removed the
> exception from my local copy of _cprequest.py, but I'm not sure what the
> correct fix would be.
New description:
I asked one of our support staff to test out a CherryPy based web
application at
host.dept.example.com. The application returned an HTTP
400 error code with the following message:
{{{
HTTPError(400, "Illegal cookie name __utmz")
}}}
The `__utmz` cookie actually comes from a web site at
www.example.com, so
it's completely outside of our control. I don't think CherryPy should be
throwing an exception in this situation. I've simply removed the
exception from my local copy of `_cprequest.py`, but I'm not sure what the
correct fix would be.
Comment:
Reformatted.