Changes between Initial Version and Version 1 of Ticket #15852, comment 2
- Timestamp:
- Apr 22, 2011, 8:13:05 AM (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #15852, comment 2
initial v1 8 8 9 9 10 The problem is that when a `CookieError` is raised `http.SimpleCookie._loose_set` bypasses regular code paths to store a key whose value is `None`. The normal code path would ensure that the value is a `Mor cel` object.10 The problem is that when a `CookieError` is raised `http.SimpleCookie._loose_set` bypasses regular code paths to store a key whose value is `None`. The normal code path would ensure that the value is a `Morsel` object. 11 11 12 12 `None` works fine when the key occurs only once, so this isn't catched by the test commited in r15523. … … 14 14 When the same key is encountered a second time, though, this value is used in `BaseCookie` under the assumption that it is a `Morsel` instance and consequently it has a `set()` method. Of course, `None` doesn't have one, hence the bug. 15 15 16 The immediate fix is to use a `Mor cel` instance. It doesn't matter if it supports `httponly` or not, it will be removed anyway.16 The immediate fix is to use a `Morsel` instance. It doesn't matter if it supports `httponly` or not, it will be removed anyway. 17 17 18 18 Fixing this brings a second problem: bad cookies are colected in a list, to be removed when loading finishes. This will result in calling `del self[key]` more than once for the same key and will fail.