This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2005年12月07日 03:50 by valankar, last changed 2022年04月11日 14:56 by admin.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| Cookie.py.patch | valankar, 2005年12月07日 03:50 | Patch for revision 41632 of Cookie.py | review | |
| issue1375011-2.7.patch | mmelin, 2013年02月23日 16:45 | Patch, test & docs for Cookie.py on 2.7 | review | |
| issue1375011-3.2.patch | mmelin, 2013年02月23日 16:45 | Patch, test & docs for http/cookies.py on 3.2 | review | |
| Messages (8) | |||
|---|---|---|---|
| msg49178 - (view) | Author: Viraj Alankar (valankar) | Date: 2005年12月07日 03:50 | |
This patch implements part of bug 1372650. Sometimes a web client will send 2 instances of the same name: Cookie: mycookie=foo; mycookie=bar The specs listed here: http://wp.netscape.com/newsref/std/cookie_spec.html state that the first one is the one that should be used. The other cookies listed are the inherited ones from paths that a prefix of the current URL. When this is parsed by the Cookie module, mycookie gets set to bar when it should be foo. This patch changes Cookie.py to only use the first instance of duplicate cookies when parsing cookie strings. |
|||
| msg49179 - (view) | Author: Björn Lindqvist (sonderblade) | Date: 2007年03月14日 23:54 | |
That link is misleading and just confuses you. :) Instead read John J. Lee's great explanation at the referenced bug report. I have tested the patch and it works as expected. Without the patch:
>>> c = SimpleCookie('foo=33;foo=34')
>>> print c
Set-Cookie: foo=34
With the patch:
>>> c = SimpleCookie('foo=33;foo=34')
>>> print c
Set-Cookie: foo=33
There should be a unit test though and something in the documentation. The keys dict should be a set instead.
|
|||
| msg86297 - (view) | Author: Daniel Diniz (ajaksu2) * (Python triager) | Date: 2009年04月22日 14:42 | |
See discussion in issue 1372650. |
|||
| msg114634 - (view) | Author: Mark Lawrence (BreamoreBoy) * | Date: 2010年08月22日 01:33 | |
Even if the patch is still valid there are still no doc or unit test changes. |
|||
| msg182758 - (view) | Author: Martin Melin (mmelin) * | Date: 2013年02月23日 16:45 | |
Attached is a patch with Viraj's original fix except using a set instead of a dict as suggested by Björn. This patch also includes a test case and a note in the docs about this behavior. Since Cookie has been moved and the code has been cleaned up somewhat between 2.7 and 3.2 I'm attaching patches for both branches. Of course, a decision still needs to be made whether or not this should be applied; the behavior is more correct now, but I don't know if it is worth potentially breaking applications that have come to expect the old behavior. There doesn't seem to be a consensus in #1372650 but I thought having a complete patch would be a good thing regardless. |
|||
| msg182759 - (view) | Author: Martin Melin (mmelin) * | Date: 2013年02月23日 16:45 | |
Just adding the 3.2 patch |
|||
| msg353845 - (view) | Author: karl (karlcow) * | Date: 2019年10月03日 12:52 | |
Relevant spec https://tools.ietf.org/html/rfc6265 |
|||
| msg385430 - (view) | Author: Christoph Zwerschke (cito) * | Date: 2021年01月21日 15:12 | |
This patch should really be included. As carl already mentioned, the relevant spec is RFC 6265, see section 5.4.2: "The user agent SHOULD sort the cookie-list in the following order: Cookies with longer paths are listed before cookies with shorter paths. Among cookies that have equal-length path fields, cookies with earlier creation-times are listed before cookies with later creation-times." Currently, if the cookies are loaded with cookies.load(env['HTTP_COOKIE']) as most web frameworks do, then the cookies will be populated with the least specific or oldest values if there are duplicates. This is really bad. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:56:14 | admin | set | github: 42664 |
| 2021年01月21日 15:12:28 | cito | set | nosy:
+ cito messages: + msg385430 |
| 2020年11月06日 20:00:24 | iritkatriel | set | versions: + Python 3.8, Python 3.9, Python 3.10, - Python 3.1, Python 2.7, Python 3.2 |
| 2019年10月03日 12:52:29 | karlcow | set | nosy:
+ karlcow messages: + msg353845 |
| 2016年08月22日 12:31:03 | martin.panter | set | title: Improper handling of duplicate cookies -> http.cookies, Cookie.py: Improper handling of duplicate cookies |
| 2016年04月25日 12:01:01 | berker.peksag | link | issue7504 superseder |
| 2014年02月03日 18:40:14 | BreamoreBoy | set | nosy:
- BreamoreBoy |
| 2013年02月23日 16:45:57 | mmelin | set | files:
+ issue1375011-3.2.patch messages: + msg182759 |
| 2013年02月23日 16:45:05 | mmelin | set | files:
+ issue1375011-2.7.patch nosy: + mmelin messages: + msg182758 |
| 2010年08月30日 16:53:05 | BreamoreBoy | link | issue1372650 superseder |
| 2010年08月30日 16:53:05 | BreamoreBoy | unlink | issue1372650 dependencies |
| 2010年08月22日 01:33:46 | BreamoreBoy | set | nosy:
+ BreamoreBoy messages: + msg114634 versions: + Python 3.1, Python 2.7, Python 3.2, - Python 2.6 |
| 2009年04月22日 14:42:51 | ajaksu2 | set | keywords:
+ easy nosy: + ajaksu2 messages: + msg86297 |
| 2009年02月16日 03:57:53 | ajaksu2 | link | issue1372650 dependencies |
| 2009年02月13日 01:16:33 | ajaksu2 | set | nosy:
+ jjlee stage: test needed type: behavior versions: + Python 2.6, - Python 2.5 |
| 2005年12月07日 03:50:53 | valankar | create | |