Double quotes in secure cookies
788 views
Skip to first unread message
Gleb Denisov
Sep 8, 2011, 8:21:27 PM9/8/11
to Tornado Web Server
I've been running the latest version from git (September 5, 2011) and
it looks like the secure cookie function now adds double quotes around
the value, which it did not use to (at least not in 2.0). For example:
"ZDgwMmFjZmRmZmUwNTFmYzE4M2VhYTBiODEyYzM5MGEzZWM0Nzc0YTE0M2Q5M2E5NTcxZTkxYmQ4OTE5MGZjNQ"
When reading the cookies with get_cookie() method it returns a version
without quotes and is fine for use in python code, but can be a
problem if the value of the cookie needs to be read with javascript
and later passed on as a request argument.
Is this a possible bug?
it looks like the secure cookie function now adds double quotes around
the value, which it did not use to (at least not in 2.0). For example:
"ZDgwMmFjZmRmZmUwNTFmYzE4M2VhYTBiODEyYzM5MGEzZWM0Nzc0YTE0M2Q5M2E5NTcxZTkxYmQ4OTE5MGZjNQ"
When reading the cookies with get_cookie() method it returns a version
without quotes and is fine for use in python code, but can be a
problem if the value of the cookie needs to be read with javascript
and later passed on as a request argument.
Is this a possible bug?
Ben Darnell
Sep 9, 2011, 2:17:38 AM9/9/11
to python-...@googlegroups.com
Cookie values may be quoted in the Set-Cookie header, and any cookie library is supposed to interpret the quoted strings correctly. If javascript sees the quotes as a part of the cookie value, that's a bug in the browser as I understand it.
-Ben
Reply all
Reply to author
Forward
0 new messages