id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33212	Incorrect cookie parsing by django.http.cookie.parse_cookie	Christos Georgiou	nobody	"I understand that the Python http.cookie has issues with invalid cookies that are anyway used in the wild. An example of such a cookie is (you'll probably see a cookie with raw JSON as value if you happen to use HotJar):

{{{
valid_cookie=12; invalid_cookie={""k1"": ""v1"", ""k2"": ""v2""}; valid_cookie2=""other value""
}}}

Python's parsing will only parse `valid_cookie`, while Django's django.http.cookie.parse_cookie will parse all of them.

However, this imaginary cookie is incorrectly parsed:

{{{
django_cookie=good_value; third_party=""some_cookie=some_value; django_cookie=bad_value""
}}}

{{{
>>> from django.http.cookie import parse_cookie
>>> parse_cookie('''django_cookie=good_value; third_party=""some_cookie=some_value; django_cookie=bad_value""''')
{'django_cookie': 'bad_value""', 'third_party': '""some_cookie=some_value'}
}}}

One would expect `django_cookie` to have `good_value`.

If you consider this as grave enough, I can supply a patch."	Bug	closed	Core (Other)	3.2	Normal	wontfix	cookies	Collin Anderson	Unreviewed	0	0	0	0	0	0