Changes between Initial Version and Version 1 of Ticket #15852, comment 2


Ignore:
Timestamp:
04/22/2011 08:13:05 AM (4 years ago)
Author:
vung
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #15852, comment 2

    initial v1  
    88
    99
    10 The problem is that when a `CookieError` is raised `http.SimpleCookie._loose_set` bypasses regular code paths to store a key whose value is `None`. The normal code path would ensure that the value is a `Morcel` object.
     10The problem is that when a `CookieError` is raised `http.SimpleCookie._loose_set` bypasses regular code paths to store a key whose value is `None`. The normal code path would ensure that the value is a `Morsel` object.
    1111
    1212`None` works fine when the key occurs only once, so this isn't catched by the test commited in r15523.
     
    1414When the same key is encountered a second time, though, this value is used in `BaseCookie` under the assumption that it is a `Morsel` instance and consequently it has a `set()` method. Of course, `None` doesn't have one, hence the bug.
    1515
    16 The immediate fix is to use a `Morcel` instance. It doesn't matter if it supports `httponly` or not, it will be removed anyway.
     16The immediate fix is to use a `Morsel` instance. It doesn't matter if it supports `httponly` or not, it will be removed anyway.
    1717
    1818Fixing this brings a second problem: bad cookies are colected in a list, to be removed when loading finishes. This will result in calling `del self[key]` more than once for the same key and will fail.
Back to Top