[Django] #20755: Certain cookie flags don't get unpickled properly

[Django]

#20755: Certain cookie flags don't get unpickled properly
------------------------------------------------+------------------------
Reporter: julien | Owner: nobody
Type: Bug | Status: new
Component: Core (Serialization) | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
I've noticed that some cookie flags (at least `httponly` and `secure`) do
not properly get unpickled. This is an issue particularly for
`FetchFromCacheMiddleware` when it unpickles a cached response object.

So far I've narrowed down the issue to this snippet of code:

{{{#!python
import pickle
from django.http import HttpResponse

original = HttpResponse()
original.set_cookie('foo', 'bar', path='/blah', httponly=True,
secure=True)

pickled = pickle.dumps(original, pickle.HIGHEST_PROTOCOL)
reloaded = pickle.loads(pickled)

# httponly and secure get lost in the pickle loading process!!
original.cookies['foo']['httponly'] # True
reloaded.cookies['foo']['httponly'] # ''

original.cookies['foo']['secure'] # True
reloaded.cookies['foo']['secure'] # ''

str(original.cookies) # 'Set-Cookie: foo=bar; httponly;
Path=/blah; secure'
str(reloaded.cookies) # 'Set-Cookie: foo=bar; Path=/blah'
}}}

At this stage I'm unsure if it's a bug in Django or in Python. For the
record, I've tested this with Python 2.7.5.

--
Ticket URL: <https://code.djangoproject.com/ticket/20755>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#20755: Certain cookie flags don't get unpickled properly

--------------------------------------+------------------------------------
Reporter: julien | Owner: julien
Type: Bug | Status: assigned

Component: Core (Serialization) | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

--------------------------------------+------------------------------------
Changes (by julien):

* owner: nobody => julien
* status: new => assigned
* stage: Unreviewed => Accepted

Comment:

After discussing with Collin Anderson, we found that this is in fact a bug
in Python. The HTTPOnly and Secure flags aren't properly deserialized:
http://bugs.python.org/issue16611

One work-around in Django would be to replace the empty strings `''` with
`True`.

I'll see if we can get this fixed in Python first before settling on a
given work-around.

--
Ticket URL: <https://code.djangoproject.com/ticket/20755#comment:1>

[Django]

#20755: Certain cookie flags don't get unpickled properly

-------------------------------+------------------------------------
Reporter: julien | Owner: julien

Type: Bug | Status: closed
Component: HTTP handling | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+------------------------------------
Changes (by timgraham):

* status: assigned => closed
* component: Core (Serialization) => HTTP handling
* resolution: => wontfix

Comment:

This has been fixed in Python 2.7.9, 3.3.3, and 3.4. Not sure it's worth
adding a workaround in Django at this point.

--
Ticket URL: <https://code.djangoproject.com/ticket/20755#comment:2>