django.contrib.messages does not reliably predict cookie size due to underlying cookie encoding
| Reported by: | Tobias McNulty | Owned by: | Tobias McNulty |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
As discovered in debugging #12470, django.contrib.messages makes an assumption about the size of encoded cookies that does not stand and may result in lost data as the total size of all stored messages approaches 4096 bytes. From Luke Plant:
CookieStorage assumes that the length of the 'encoded' data (i.e. the return val from CookieStorage._encode()) is the number of bytes that the data takes up in the cookie. But the additional encoding that SimpleCookie does means you actually have less space, depending on the data. The simplest solution I can think of would be to base64 the whole value, as already suggested for other reasons. SimpleCookie would then have no need to change any of it, and the assumption would hold.
While on the subject - I just found out that IE6 and IE7 impose a limit of 4096 bytes *total* for cookies from a domain. With the current max_cookie_size, we leave no room for other cookies, which is bad. Maybe we should reduce to, say, 3/4 of 4K.
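The size mismatch described in this ticket can be measured with the standard library alone. The following is an added example, not code from the ticket or from Django: the payload is a constructed JSON message list, the helper names are hypothetical, and URL-safe base64 with the padding stripped is chosen here so that every character is one `SimpleCookie` emits unchanged.

```python
import base64
import json
from http.cookies import SimpleCookie

MAX_COOKIE_SIZE = 4096  # the limit discussed in the ticket


def wire_size(value: str) -> int:
    """Length of the value as SimpleCookie emits it in the Set-Cookie header."""
    jar = SimpleCookie()
    jar["messages"] = value
    # coded_value is the quoted/escaped form that actually goes on the wire.
    return len(jar["messages"].coded_value)


def build_payload(limit: int = MAX_COOKIE_SIZE) -> str:
    """Constructed sample: grow a JSON message list until one more would exceed limit."""
    messages = []
    while True:
        text = 'Saved "item %d", ok' % len(messages)
        candidate = messages + [["__json_message", 20, text]]
        if len(json.dumps(candidate)) > limit:
            return json.dumps(messages)
        messages = candidate


def b64_payload(value: str) -> str:
    """URL-safe base64 without '=' padding, so SimpleCookie has nothing to escape."""
    packed = base64.urlsafe_b64encode(value.encode("utf-8"))
    return packed.rstrip(b"=").decode("ascii")


def report() -> dict:
    raw = build_payload()
    packed = b64_payload(raw)
    return {
        "raw_len": len(raw),            # what a len()-based size check sees
        "raw_wire": wire_size(raw),     # what the browser receives
        "b64_len": len(packed),
        "b64_wire": wire_size(packed),  # identical to b64_len
    }


if __name__ == "__main__":
    for name, size in report().items():
        print(f"{name:9} {size}")
```

The raw JSON passes a `len()`-based check at 4096 yet is larger on the wire because quotes, backslashes and commas are escaped; the base64 form is about a third longer than the raw data but its length is exactly what is sent, so a size check against it is reliable.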