Opened 10 years ago
Closed 10 years ago
#24634 closed Uncategorized (invalid)
Comma as a cookie separator in HTTP_COOKIES is not handled correctly
Reported by: | Piotr Maliński | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 1.7 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
RFC https://www.ietf.org/rfc/rfc2109.txt states:
A server should also accept comma (,) as the separator between cookie-values for future compatibility.
And now Skype WISPr and iPassConnect user agents are using this separator and the cookies are not handled by Django correctly. A simple test:
client = test.Client(HTTP_COOKIE='zz=a,zzz=b,zzzz=c') client.get('/')
Ends up with:
{'zz': 'a,zzz=b,zzzz=c'}
as request.COOKIES in Django.
Change History (2)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Django uses Python's cookie parsing, so if this is to be addressed at all, I think it should be addressed upstream. I'd check to see if a similar issue has been raised in the past before filing a bug.
Note:
See TracTickets
for help on using tickets.
It happens only if the cookies are separated by comma. Comma plus space works.