SetCookie on redirect

106 views
Skip to first unread message

Jonathan Vanasco

unread,
Feb 7, 2012, 6:41:24 PM2/7/12
to pylons-discuss
This was driving me crazy for a while. Finally i realized that
Pyramid doesn't send any SetCookie commands when a redirect is called,
because the HTTPFound is oblivious to the request.

It's not entirely recommended to set cookies with a redirect as not
all browsers accept them ( only Safari doesn't ) , however it is
common practice to encounter it... and I have some legacy code to
maintain / transition.

I ended up with a workaround :
headers [ (k,v) for (k,v) in
self.request.response.headers.iteritems() if k == 'Set-Cookie']
return HTTPFound(location='/account/redirect-
test-2',headers=headers)

Does anyone know why "requests" were omitted from the
httpexceptions ? I just find it odd that there isn't a 'request' arg
on them , and that something like this isn't automatic.

Gael Pasgrimaud

unread,
Feb 7, 2012, 7:02:54 PM2/7/12
to pylons-...@googlegroups.com

Not me. But I guess that you can use:

resp = HTTPFound(location='/account/redirect-test-2')
return self.request.response.merge_cookies(resp)

> --
> You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
> To post to this group, send email to pylons-...@googlegroups.com.
> To unsubscribe from this group, send email to pylons-discus...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
>

Jonathan Vanasco

unread,
Feb 8, 2012, 12:17:16 PM2/8/12
to pylons-discuss
thanks.

i ended up writing a quick subscriber package:

https://gist.github.com/1771046

it supports two methods:

1- migrates headers into the redirect ( I opted to use .extend instead
of merge_cookies, because i already had to pull the cookie data )
2- stashes the cookies into a "@cookie-xfer" space within the session,
then populates it on new requests

The caveat to the first method, is that Safari doesn't like it.
The caveat to the second method, is that it's storing based on the
"string" of the cookie -- so there's no 'uniqueness'. i put in a
boolean for a uniqueness via the cookie name... but its not really
"correct". if you don't have that in there, the session can build up
and easily max out the header size for many web servers.

Jonathan Vanasco

unread,
Feb 8, 2012, 5:45:25 PM2/8/12
to pylons-discuss
wanted to add to this thread:

after a lot of testing, I've noted that my 'cleanup' subscriber
solution only works if you RETURN the HTTPFound.
If you raise an HTTPFound, there's no way to catch the original
request object

it appears that event.request.response is overwritten with a new
instance of a response object when you RAISE a httpexception

I couldn't track down where it happened in the pyramid core, but
logging the object ids in a variety of test cases showed that this is
indeed happening.

These situations will work:
return HTTPFound(location='/redirect-test-return-no-headers-
b')
return HTTPFound(location='/redirect-test-return-specify-
headers-b',headers=headers_dict)
raise HTTPFound(location='/redirect-test-raise-specify-headers-
b',headers=headers_dict)

This won't work
raise HTTPFound(location='/redirect-test-raise-no-headers-b')

Jonathan Vanasco

unread,
Feb 9, 2012, 12:46:35 AM2/9/12
to pylons-discuss
i ended up packaging this for distro, because i needed it on a couple
of projects

https://github.com/jvanasco/pyramid_subscribers_cookiexfer
Reply all
Reply to author
Forward
0 new messages