Certain cookie flags don't get unpickled properly

[Julien Phalip]

I've noticed that some cookie flags (at least httponly and secure) do not properly get unpickled. This is an issue particularly for FetchFromCacheMiddleware when it unpickles a cached response object.

So far I've narrowed down the issue to this snippet of code:

import pickle
from django.http import HttpResponse

original = HttpResponse()
original.set_cookie('foo', 'bar', path='/blah', httponly=True, secure=True)

pickled = pickle.dumps(original, pickle.HIGHEST_PROTOCOL)
reloaded = pickle.loads(pickled)

# httponly and secure get lost in the pickle loading process!!
original.cookies['foo']['httponly']   # True
reloaded.cookies['foo']['httponly']   # ''

original.cookies['foo']['secure']     # True
reloaded.cookies['foo']['secure']     # ''

str(original.cookies)                 # 'Set-Cookie: foo=bar; httponly; Path=/blah; secure'
str(reloaded.cookies)                 # 'Set-Cookie: foo=bar; Path=/blah'

At this stage I'm unsure if it's a bug in Django or in Python. For the record, I've tested this with Python 2.7.5.

[Julien Phalip]

After discussing with Collin Anderson, we found that this is in fact a bug in Python. The HTTPOnly and Secure flags aren't properly deserialized: ​http://bugs.python.org/issue16611

One work-around in Django would be to replace the empty strings '' with True.

I'll see if we can get this fixed in Python first before settling on a given work-around.

[Tim Graham]

This has been fixed in Python 2.7.9, 3.3.3, and 3.4. Not sure it's worth adding a workaround in Django at this point.