Created on 2015-01-28 19:26 by dlamotte, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Messages (3) | |||
|---|---|---|---|
| msg234908 - (view) | Author: Dan LaMotte (dlamotte) | Date: 2015-01-28 19:26 | |
I recently discovered that a valid cookie (by the RFC) is not parse-able by the Cookie library in Python's standard library.
```python
import Cookie
c = Cookie.SimpleCookie('key=[ab]cd[ef]')
print c.keys() # yields []
```
When quoted, it works fine:
```python
c = Cookie.SimpleCookie('key="[ab]cd[ef]"')
print c.keys() # yields ['key']
```
I noticed the issue after upgrading to Python 2.7.9 (was previously at 2.7.2). The issue cropped up in our internal Django Web site when another internal site used a cookie in a similar format to the above and due to the sort order of the cookies, it appeared before the sessionid cookie we use with Django. Effectively, parsing of the cookie header stops and the sessionid is never read which ... to Django ... means you are not logged in. So, attempt to log in, no errors, redirect to new page after successful login and you still appear not logged in.
References:
cookie-value in http://tools.ietf.org/html/rfc6265#section-4.1
token in http://tools.ietf.org/html/rfc2616#section-2.2
```
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
...
```
The code correctly disallows brackets [ and ] in cookie-names, but ends up disallowing them in cookie-values as well, which is not RFC compliant.
We noticed this issue in Chrome but not Firefox. Our guess is that Firefox quotes its cookie-values which the code handles just fine.
|
|||
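The grammar quoted in the message above, as an added example that is not part of the original report or of CPython's code: a Python 3 parser that checks each cookie-pair on its own, so brackets are accepted in a cookie-value, rejected in a cookie-name, and a non-conforming pair is skipped instead of ending the parse. The helper name `parse_cookie_header` and the sample headers are constructed for illustration.

```python
import re

# RFC 2616 token: any CHAR except CTLs and separators, so no "[" or "]".
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# RFC 6265 cookie-octet: %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# (no CTLs, space, DQUOTE, comma, semicolon or backslash; brackets allowed).
OCTET = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]"
# cookie-pair = cookie-name "=" ( *cookie-octet / DQUOTE *cookie-octet DQUOTE )
PAIR = re.compile(r'(%s)=(?:"(%s*)"|(%s*))' % (TOKEN, OCTET, OCTET))


def parse_cookie_header(header):  # hypothetical helper, not a stdlib API
    """Return (cookies, rejected) for a Cookie request-header value.

    Each ";"-separated pair is checked on its own. A pair that does not match
    the grammar goes to `rejected` and is skipped; later pairs are still read.
    Splitting on ";" is safe because cookie-octet excludes the semicolon.
    """
    cookies, rejected = {}, []
    for raw in header.split(";"):
        pair = raw.strip(" \t")
        if not pair:
            continue
        m = PAIR.fullmatch(pair)
        if m is None:
            rejected.append(pair)
            continue
        name, quoted, bare = m.groups()
        cookies[name] = quoted if quoted is not None else bare
    return cookies, rejected


if __name__ == "__main__":
    # Constructed sample headers modelled on the report above.
    for hdr in ('key=[ab]cd[ef]; sessionid=abc123',
                'key="[ab]cd[ef]"; sessionid=abc123',
                'ke[y]=1; sessionid=abc123'):
        print(hdr, "->", parse_cookie_header(hdr))
```

Logging the `rejected` list makes a dropped cookie visible on the server side, where the behaviour described in the report showed up only as a login that silently did not stick.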
| msg234909 - (view) | Author: R. David Murray (r.david.murray) * (Python committer) | Date: 2015-01-28 19:42 | |
This may be a duplicate of issue 22931. If so please add your comments there and close this one. |
|||
| msg234912 - (view) | Author: Dan LaMotte (dlamotte) | Date: 2015-01-28 20:17 | |
Yes, this is a duplicate of that bug. Sorry. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:12 | admin | set | github: 67530 |
| 2015-01-28 20:23:56 | berker.peksag | set | superseder: cookies with square brackets in value; resolution: duplicate; stage: resolved |
| 2015-01-28 20:17:22 | dlamotte | set | status: open -> closed; messages: + msg234912 |
| 2015-01-28 19:42:36 | r.david.murray | set | nosy: + r.david.murray; messages: + msg234909 |
| 2015-01-28 19:26:05 | dlamotte | create | |