id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 19664,Illegal Characters In Session Key Give Fatal Error On File Backend Only,Simon Blanchard,Sasha Romijn,"The file backend for sessions checks for illegal characters in the key. If there are any illegal characters it throws a SuspiciousOperation exception. It is the only backend that check for this and throws an error. Shouldn't every backend either check or none of them? This is an issue because I occasionally get http clients accessing my sites with a comma separating cookies rather than a semicolon in the HTTP_COOKIE variable. Python parses the cookie string wrongly (according to the spec.) and I end up with a comma at the end of the first cookie. I've reported this in the Python issue tracker http://bugs.python.org/issue16362 It's known behaviour and will not be fixed. I suspect this has not been noticed by many since not many use the file backend. So do we really need to throw an error here. Or could we just return a new session? ",Bug,closed,contrib.sessions,dev,Normal,fixed,cookies sessions,bnomis@… eromijn@…,Ready for checkin,1,0,0,0,0,0