Illegal Characters In Session Key Give Fatal Error On File Backend Only
|Reported by:||simonb||Owned by:||erikr|
|Cc:||bnomis@…, eromijn@…||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The file backend for sessions checks for illegal characters in the key. If there are any illegal characters it throws a SuspiciousOperation exception. It is the only backend that checks for this and throws an error. Shouldn't every backend either check or none of them?
This is an issue because I occasionally get HTTP clients accessing my sites with a comma separating cookies rather than a semicolon in the HTTP_COOKIE variable. Python parses the cookie string wrongly (according to the spec.) and I end up with a comma at the end of the first cookie. I've reported this in the Python issue tracker: http://bugs.python.org/issue16362. It's known behaviour and will not be fixed.
I suspect this has not been noticed by many since not many use the file backend.
So do we really need to throw an error here? Or could we just return a new session?
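The behaviour the ticket asks about, as an added example that is not Django's code or the attached patch: a file-backed store keeps the character check on the key, but `load()` treats a malformed key like an unknown one and hands back a fresh session. `FileSessionStore`, `InvalidSessionKey`, `KEY_ALPHABET` and the sample key are assumptions made for this sketch.

```python
import os
import secrets
import string
import tempfile

# Assumption: session keys are lowercase letters and digits only.
KEY_ALPHABET = string.ascii_lowercase + string.digits


class InvalidSessionKey(Exception):
    """Client-supplied key contains characters outside KEY_ALPHABET."""


class FileSessionStore:
    """Hypothetical file-backed store; the key becomes part of a file name."""

    def __init__(self, directory):
        self.directory = directory

    def _key_to_file(self, key):
        # Keep the check: the key is untrusted input that ends up in a path.
        if not key or not set(key) <= set(KEY_ALPHABET):
            raise InvalidSessionKey(repr(key))
        return os.path.join(self.directory, "session_" + key)

    def save(self, key, data):
        with open(self._key_to_file(key), "w", encoding="utf-8") as fh:
            fh.write(data)

    def load(self, key):
        """Return (key, data); a malformed or unknown key yields a new,
        empty session instead of an unhandled error."""
        try:
            with open(self._key_to_file(key), encoding="utf-8") as fh:
                return key, fh.read()
        except (InvalidSessionKey, FileNotFoundError):
            new_key = "".join(secrets.choice(KEY_ALPHABET) for _ in range(32))
            return new_key, ""


def demo():
    with tempfile.TemporaryDirectory() as directory:
        store = FileSessionStore(directory)
        store.save("abc123", "user=42")
        good = store.load("abc123")
        # Constructed input: the key with the stray trailing comma that a
        # comma-separated Cookie header leaves behind.
        bad = store.load("abc123,")
        return good, bad
```

The rejected key is never echoed back or used in a path; the client simply receives a new key, which is what the other backends effectively do when a key is not found.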
Change History (10)
comment:1 Changed 2 years ago by simonb
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Summary changed from Illegal Characters Im Session Key Give Fatal Error On File Backend Only to Illegal Characters In Session Key Give Fatal Error On File Backend Only
comment:2 Changed 2 years ago by supersteve9219
- Triage Stage changed from Unreviewed to Design decision needed
- Type changed from Uncategorized to Bug
comment:3 Changed 2 years ago by aaugustin
- Resolution set to needsinfo
- Status changed from new to closed
Changed 2 years ago by simonb
comment:5 Changed 2 years ago by aaugustin
- Resolution needsinfo deleted
- Status changed from closed to new
comment:6 Changed 2 years ago by aaugustin
- Triage Stage changed from Design decision needed to Accepted
comment:7 Changed 2 years ago by erikr
- Cc eromijn@… added
- Owner changed from nobody to erikr
- Status changed from new to assigned
- Version changed from 1.5-beta-1 to master