id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
25458	Cookie parse error with wrong django.contrib.message	Maciej Pawlisz	Tim Graham	"I am using Django CMS  and BrowserSync and after some action in admin I have the following Cookie header:

{{{
django_language=en; messages=8702c54129af91621524927d13d81146d5e2d409$[[\""__json_message\""\0540\05425\054\""stron\\u0119 \\\""Czego uczymy\\\"" dodany pomy\\u015blnie.\""]]; sessionid=p5t47jhl24n5jks53a40sks2hhxdsot1; csrftoken=h976zQTkIMW9QhWWBAvwhC8q3xpgJ7s5
}}}
Unfortunately Django does not parse it correctly:

{{{
In [4]: cookie.parse_cookie('django_language=en; messages=8702c54129af9162152492
7d13d81146d5e2d409$[[\""__json_message\""\0540\05425\054\""stron\""]]; sessionid=p5t
47jhl24n5jks53a40sks2hhxdsot1; csrftoken=h976zQTkIMW9QhWWBAvwhC8q3xpgJ7s5')
Out[4]: {'django_language': 'en'}
}}}

As you can imagine sessions stop working, because parsing stops after first error.
Parse error is actually caused by BrowserSync (it does not send double quotes around message, I filed a bug report about that https://github.com/BrowserSync/browser-sync/issues/842). Unfortunately Django is not able to recover from that error, and this wrong cookie stays forever so you cannot log in, or send POST request to a website.

Everything works  fine when I delete `messages` from the cookie:

{{{
In [5]: cookie.parse_cookie('django_language=en; sessionid=p5t47jhl24n5jks53a40s
ks2hhxdsot1; csrftoken=h976zQTkIMW9QhWWBAvwhC8q3xpgJ7s5')
Out[5]:
{'csrftoken': 'h976zQTkIMW9QhWWBAvwhC8q3xpgJ7s5',
 'django_language': 'en',
 'sessionid': 'p5t47jhl24n5jks53a40sks2hhxdsot1'}
}}}


My Python version is 2.7.10."	Bug	closed	HTTP handling	1.8	Normal	duplicate			Accepted	0	0	0	0	0	0