Changes between Initial Version and Version 1 of Ticket #26158, comment 2
Timestamp: Jan 31, 2016, 10:58:00 AM (9 years ago)
Ticket #26158, comment 2
Line 1 (initial version):

Django relies on the Python core module http.cookies for parsing the cookie strings. Right now, Django apps that run with Python 3.x are vulnerable and stop working if the request contains a nameless cookie. It would be great if the Python devs accepted this as a bug (i.e. ignore unnamed cookies and create all the others instead of none). But there's no guarantee and in the end, it's not Python but our Django app (and our clients) that stops working...

Line 1 (version 1):

Django relies on the Python core module http.cookies for parsing the cookie strings. Right now, Django apps that run with Python 3.x are vulnerable and stop working if the request contains a nameless cookie. It would be great if the Python devs accepted this as a bug (i.e. ignore unnamed cookies and create all the others instead of none). But there's no guarantee and in the end, it's not Python but our Django app that stops working and my clients complain.

Line 3 (unmodified):

An alternative could be to split the cookie at ';' and load the cookies one by one. As far as I understand, the correct cookies will be created, the unnamed ones ignored.
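The alternative proposed in the comment, sketched as an added example (not code from the ticket or from Django): each ';'-separated chunk is loaded into its own `SimpleCookie`, so a malformed chunk is skipped without discarding the rest. The function names and the sample header are constructed here, and "nameless cookie" is assumed to mean a chunk with no `name=` part.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed sample header: the middle chunk has no "name=" part.
SAMPLE_HEADER = "sessionid=abc123; unnamed; csrftoken=xyz"


def parse_whole(header):
    """Single load() over the full header; the result for a header with a
    nameless chunk depends on the Python version."""
    jar = SimpleCookie()
    try:
        jar.load(header)
    except CookieError:
        return {}
    return {name: morsel.value for name, morsel in jar.items()}


def parse_per_chunk(header):
    """Split at ';' and load each chunk alone, so one bad chunk cannot
    discard its neighbours. Returns (cookies, skipped_chunks)."""
    cookies, skipped = {}, []
    # Caveat: a naive split also cuts a quoted value that contains ';'.
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        jar = SimpleCookie()
        try:
            jar.load(chunk)
        except CookieError:
            skipped.append(chunk)
            continue
        if not jar:  # nothing parsed: nameless or otherwise malformed chunk
            skipped.append(chunk)
            continue
        for name, morsel in jar.items():
            cookies[name] = morsel.value
    return cookies, skipped


if __name__ == "__main__":
    print("whole header:", parse_whole(SAMPLE_HEADER))
    print("per chunk:   ", parse_per_chunk(SAMPLE_HEADER))
```

Returning the skipped chunks lets the caller log malformed cookie input instead of silently dropping it.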