Opened 4 years ago
Last modified 3 years ago
#32191 closed Bug
Not RFC Compliant Cookie handling — at Version 1
Description
Hi
A customer of mine is using a WAF which is handling cookies as described in the RFC: https://tools.ietf.org/html/rfc6265
The issue now is that Django is trying to use an escape character in cookie values, which is not supported in the RFC.
An example of such a cookie:
messages=\"123\\\"NOTRECEIVED\""
Please consider getting this fixed so there can be a protection of this system.
Regards,
Nico
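The mismatch described in the ticket can be reproduced with a small check, added here as an illustration and not part of the ticket or of Django's code. It encodes a constructed sample value with Python's standard-library `http.cookies.SimpleCookie` and tests the result against the `cookie-value` grammar of RFC 6265 section 4.1.1, roughly as a strict WAF would; the names `rfc6265_violations`, `encode_with_stdlib` and `SAMPLE_RAW` are assumptions made for this example.

```python
import re
from http.cookies import SimpleCookie

# RFC 6265 section 4.1.1:
#   cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
#   cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# i.e. US-ASCII without CTLs, whitespace, DQUOTE, comma, semicolon, backslash.
COOKIE_OCTET = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]")


def rfc6265_violations(cookie_value):
    """Return [(index, char), ...] for octets outside the cookie-value grammar."""
    body, offset = cookie_value, 0
    # The grammar allows exactly one pair of surrounding DQUOTEs.
    if len(body) >= 2 and body[0] == '"' and body[-1] == '"':
        body, offset = body[1:-1], 1
    return [
        (i + offset, ch)
        for i, ch in enumerate(body)
        if not COOKIE_OCTET.fullmatch(ch)
    ]


def encode_with_stdlib(name, raw_value):
    """Serialize a value the way http.cookies.SimpleCookie emits it."""
    jar = SimpleCookie()
    jar[name] = raw_value
    return jar[name].coded_value


# Constructed sample (not taken from the ticket): a value with an inner quote.
SAMPLE_RAW = '123"NOTRECEIVED'

if __name__ == "__main__":
    coded = encode_with_stdlib("messages", SAMPLE_RAW)
    print("Set-Cookie value:", coded)
    for index, char in rfc6265_violations(coded):
        print(f"  offset {index}: {char!r} is not a cookie-octet")
```

The backslash escape and the escaped inner quote are both reported, which is the pair of octets a WAF enforcing the RFC grammar would reject.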