django.contrib.messages does not reliably predict cookie size due to underlying cookie encoding

[Tobias McNulty]

As discovered in debugging #12470, django.contrib.messages makes an assumption about the size of encoded cookies that does not stand and may result in lost data as the total size of all stored messages approaches 4096 bytes. From Luke Plant:

CookieStorage assumes that the length of the 'encoded' data (i.e. the
return val from CookieStorage._encode()) is the number of bytes that
the data takes up in the cookie.  But the additional encoding that
SimpleCookie does means you actually have less space, depending on the
data.

The simplest solution I can think of would be to base64 the whole
value, as already suggested for other reasons.  SimpleCookie would
then have no need to change any of it, and the assumption would hold.

While on the subject - I just found out that IE6 and IE7 impose a
limit of 4096 bytes *total* for cookies from a domain [1].  With the
current max_cookie_size, we leave no room for other cookies, which is
bad.  Maybe we should reduce to, say 3/4 of 4K.

see ​http://blogs.neoseeker.com/Redemption/542-browser-cookies-limitations-ie6-ie7-others/

[Luke Plant]

I fixed these issues in [12285] and [12287] respectively.

The reduction in max_cookie_size in [12287] also gives us some allowance for constant overhead (but not variable overhead) in cookie data. That is, most browsers include the "NAME=" as part of the cookie data when applying their maximum cookie size limit, and some might included other things like expiration date, so it is good to keep a little bit away from the limit.

[Tobias McNulty]

Whoops, didn't see those; thanks. You leave no work for the rest of us. :)

[Jacob]

Milestone 1.2 deleted