id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26158	cookie parsing fails with python 3.x if request contains unnamed cookie	Andreas Dolk	Tim Graham	"Example:

{{{#!python
  from http import cookies
  good_cookie = 'csrftoken=5lkzK7FCI2iWy2xi7wbZPI7P26qbspIE; django_language=en'
  print(cookies.parse_cookie(good_cookie))
  bad_cookie = 'csrftoken=5lkzK7FCI2iWy2xi7wbZPI7P26qbspIE; unnamed; django_language=en'
  print(cookies.parse_cookie(bad_cookie))
}}}

Output:
{{{
  {'csrftoken': '5lkzK7FCI2iWy2xi7wbZPI7P26qbspIE', 'django_language': 'en'}
  {}
}}}

This parsing method is used during processing WSGI requests (see: django.core.handlers.wsgi.py)

If a request contains at least one nameless cookie, then the parser result is an empty dictionary. The nameless cookie may be present in the client (browser) and this cause at least two serious problems for django:

* django will not see the session cookie (user is asked to login again)
* csrf validation fails with an error message (csrf cookie not set - because the middleware doesn't see it)

It worked, btw., with python 2.7.

Remark:
Nameless cookies shouldn't happen - but in our case there's a different web application on the parent domain that sometimes sets a nameless cookie. Even though that this is a bug, it makes our django app quite unusable due to the cookie parsing and we'd have to ask the users to constantly delete the cookies on their browsers (or avoid the other app). Those cookies are evil but we have to expect them in real life :/"	Bug	closed	HTTP handling	1.8	Normal	fixed	cookie python3	will@… zachborboa@…	Ready for checkin	1	0	0	0	0	0