Opened 10 years ago
Closed 10 years ago
#24634 closed Uncategorized (invalid)
Comma as a cookie separator in HTTP_COOKIES is not handled correctly
| Reported by: | Piotr Maliński | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.7 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
RFC https://www.ietf.org/rfc/rfc2109.txt states:
A server should also accept comma (,) as the separator between cookie-values for future compatibility.
And now Skype WISPr and iPassConnect user agents are using this separator and the cookies are not handled by Django correctly. A simple test:
client = test.Client(HTTP_COOKIE='zz=a,zzz=b,zzzz=c')
client.get('/')
Ends up with:
{'zz': 'a,zzz=b,zzzz=c'}
as request.COOKIES in Django.
Change History (2)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Django uses Python's cookie parsing, so if this is to be addressed at all, I think it should be addressed upstream. I'd check to see if a similar issue has been raised in the past before filing a bug.
Note:
See TracTickets
for help on using tickets.
It happens only if the cookies are separated by comma. Comma plus space works.