What would cause CookieError: Illegal Key Value?
snew...@gmail.com
errors while parsing cookies because of illegal key values. What would
cause this to happen? The site has been live for a month and gets a
decent amount of traffic, and this is the first I've seen of it. Not
sure if it's a fluke or something to be concerned with.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/code/django/core/handlers/base.py", line 62, in
get_response
response = middleware_method(request)
File "/home/code/django/middleware/sessions.py", line 69, in
process_request
request.session =
SessionWrapper(request.COOKIES.get(SESSION_COOKIE_NAME, None))
File "/home/code/django/core/handlers/modpython.py", line 74, in
_get_cookies
self._cookies =
httpwrappers.parse_cookie(self._req.headers_in.get('cookie', ''))
File "/home/code/django/utils/httpwrappers.py", line 140, in
parse_cookie
c.load(cookie)
File "/opt/python-2.4.4/lib/python2.4/Cookie.py", line 621, in load
self.__ParseString(rawdata)
File "/opt/python-2.4.4/lib/python2.4/Cookie.py", line 652, in
__ParseString
self.__set(K, rval, cval)
File "/opt/python-2.4.4/lib/python2.4/Cookie.py", line 574, in __set
M.set(key, real_value, coded_value)
File "/opt/python-2.4.4/lib/python2.4/Cookie.py", line 453, in set
raise CookieError("Illegal key value: %s" % key)
CookieError: Illegal key value: ZEDOPOP162000000151/105/1
<ModPythonRequest
path:/rssgalleries/snap-most-popular/,
GET:<MultiValueDict: {'js': ['']}>,
POST:<MultiValueDict: {}>,
COOKIES:<could not parse>,
META:{'AUTH_TYPE': None,
'CONTENT_LENGTH': 0L,
'CONTENT_TYPE': None,
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': '*/*',
'HTTP_ACCEPT_LANGUAGE': 'en',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'ZEDOPOP162000000151/105/1=1; s_cc=true; s_sq=',
'HTTP_EXTENSION': 'Security/Remote-Passphrase',
'HTTP_HOST': 'www2.tbo.com',
'HTTP_UA_CPU': 'PPC',
'HTTP_UA_OS': 'MacOS',
'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC)',
'HTTP_VIA': '1.0 ics_server.pinellas.k12.fl.us (ICS 2.2.0.3.26)',
'PATH_INFO': '/snap-most-popular/',
'PATH_TRANSLATED': None,
'QUERY_STRING': 'js',
'REMOTE_ADDR': '168.213.1.133',
'REMOTE_HOST': None,
'REMOTE_IDENT': None,
'REMOTE_USER': None,
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': None,
'SERVER_NAME': 'www2.tbo.com',
'SERVER_PORT': 0,
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SOFTWARE': 'mod_python'},
user:AnonymousUser>
Malcolm Tredinnick
It's not clear why your site is receiving this sort of cookie. Maybe it
is expected, maybe not -- that is something you need to work out (it
could be caused by something else at the same domain name setting a very
loose path specification, for example).
However, I suspect you may have come across a limitation in the Python
Cookie module here (so it's not really something Django can fix without
a lot of duplciated code): in the original (informal) Netscape cookie
spec, the "name" portion of a "name=value" pair in a cookie could
consist of any characters except semi-colon, whitespace and comma. It's
not clear from a quick read of RFC 2965 (the latest cookie RFC) if this
is still the case. However, the Cookie module that ships with Python
2.4, at least, has a much more restricted set of characters that it
allows in the "name" field. And a slash is not one of those characters.
I don't know what the solution is here. We've had at least one other
case of Python's cookie module not being fully spec-compliant in the
past, but replacing it with our own hacked version would be a lot of
extra maintenance. The proper solution is to work out the real spec
requirements and file a bug against Python.
Regards,
Malcolm