Invalid Cookies cause Stacktrace in middleware
|Reported by:||axiak||Owned by:||nobody|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
If someone uses SessionMiddleware, any request with invalid cookies will result in a stack trace. For instance, someone visited a site with the cookie "lang:xml=ru".
If one were to use wget, you can repeat this on a number of sites:
$ wget --header "Cookie: lang:xml=ru" http://www.djangoprojects.com
--09:06:39-- http://www.djangoproject.com/
=> `-'
Resolving www.djangoproject.com... 188.8.131.52
Connecting to www.djangoproject.com|184.108.40.206|:80... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
09:06:40 ERROR 500: Internal Server Error.
(It's also amazing how many Django developers are lazy enough to leave PythonDebug on, but that's not fixable.)
Attached is a patch to have invalid cookies result in no cookies at all, along with a test.
Someone might decide to emit a warning or something; that's not included in this patch.
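The failure mode and the requested behaviour, as an added example that is not part of the original ticket or its attached patch: a strict cookie parser whose error reaches the request handler, beside a tolerant one that returns no cookies for an invalid header. It uses the standard library's http.cookies; handle_request, both parse functions and the sample headers are assumptions made for illustration, and whether the ticket's own header is rejected depends on the Python version's parser.

```python
from http.cookies import CookieError, SimpleCookie


def parse_cookie_strict(header):
    """Pre-fix behaviour: a parser error propagates to the caller."""
    jar = SimpleCookie()
    jar.load(header)  # raises CookieError on a key the stdlib rejects
    return {name: morsel.value for name, morsel in jar.items()}


def parse_cookie_tolerant(header):
    """Behaviour the ticket asks for: an invalid header yields no cookies."""
    try:
        return parse_cookie_strict(header)
    except CookieError:
        return {}


def handle_request(headers, parse):
    """Hypothetical stand-in for middleware that reads cookies per request."""
    try:
        cookies = parse(headers.get("Cookie", ""))
    except Exception:
        return 500, {}  # unhandled parser error surfaces as a server error
    return 200, cookies


# Constructed sample headers; the first is the one quoted in the ticket.
SAMPLES = [
    "lang:xml=ru",
    "sessionid=abc123; bad@key=1",   # '@' is not a legal cookie-name character
    "sessionid=abc123; theme=dark",  # well-formed control case
]

if __name__ == "__main__":
    for header in SAMPLES:
        strict = handle_request({"Cookie": header}, parse_cookie_strict)
        tolerant = handle_request({"Cookie": header}, parse_cookie_tolerant)
        print(f"{header!r}: strict={strict} tolerant={tolerant}")
```

Note that one illegal name discards the whole header, including the valid sessionid, which matches "no cookies at all" in the ticket.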
Change History (4)
Changed 7 years ago by axiak
comment:1 Changed 7 years ago by axiak
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 7 years ago by mtredinnick
- Triage Stage changed from Unreviewed to Ready for checkin