[Django] #24634: Comma as a cookie separator in HTTP_COOKIES is not handled correctly

33 views
Skip to first unread message

Django

unread,
Apr 13, 2015, 6:06:05 AM4/13/15
to django-...@googlegroups.com
#24634: Comma as a cookie separator in HTTP_COOKIES is not handled correctly
-------------------------------+--------------------
Reporter: riklaunim | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
RFC https://www.ietf.org/rfc/rfc2109.txt states:
{{{
A server should also accept comma (,) as the separator between cookie-
values for future compatibility.
}}}

And now Skype WISPr and iPassConnect user agents are using this separator
and the cookies are not handled by Django correctly. A simple test:


{{{
client = test.Client(HTTP_COOKIE='zz=a,zzz=b,zzzz=c')
client.get('/')
}}}
Ends up with:

{{{
{'zz': 'a,zzz=b,zzzz=c'}
}}}
as request.COOKIES in Django.

--
Ticket URL: <https://code.djangoproject.com/ticket/24634>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Apr 13, 2015, 6:15:26 AM4/13/15
to django-...@googlegroups.com
#24634: Comma as a cookie separator in HTTP_COOKIES is not handled correctly
-------------------------------+--------------------------------------

Reporter: riklaunim | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by riklaunim):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0


Comment:

It happens only if the cookies are separated by comma. Comma plus space
works.

--
Ticket URL: <https://code.djangoproject.com/ticket/24634#comment:1>

Django

unread,
Apr 13, 2015, 8:18:54 AM4/13/15
to django-...@googlegroups.com
#24634: Comma as a cookie separator in HTTP_COOKIES is not handled correctly
-------------------------------+--------------------------------------
Reporter: riklaunim | Owner: nobody
Type: Uncategorized | Status: closed
Component: Uncategorized | Version: 1.7
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage: Unreviewed

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by timgraham):

* status: new => closed
* resolution: => invalid


Comment:

Django uses Python's cookie parsing, so if this is to be addressed at all,
I think it should be addressed upstream. I'd
[https://www.google.com/search?q=cookie+comma+separated+python+site:bugs.python.org
check to see] if a similar issue has been raised in the past before filing
a bug.

--
Ticket URL: <https://code.djangoproject.com/ticket/24634#comment:2>

Reply all
Reply to author
Forward
0 new messages