
List:       python-patches
Subject:    [Patches] [ python-Patches-1157027 ] cookielib mis-handles RFC 2109
From:       noreply () sourceforge ! net (SourceForge ! net)
Date:       2005-12-23 21:45:20
Message-ID: E1Epuj2-0008Us-T0 () sc8-sf-web1 ! sourceforge ! net

Patches item #1157027, was opened at 2005-03-04 15:09
Message generated for change (Comment added) made by nnorwitz
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1157027&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Library (Lib)
Group: Python 2.5
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: John J Lee (jjlee)
>Assigned to: Neal Norwitz (nnorwitz)
Summary: cookielib mis-handles RFC 2109 cookies in Netscape mode

Initial Comment:
cookielib treats RFC 2109 cookies as RFC 2965 even when
functioning as a pure Netscape protocol implementation
(ie. when RFC 2965 handling is disabled by setting a
CookiePolicy instance's rfc2965 attribute false).  This
is not correct: the Netscape cookie protocol, in the
absence of RFC 2965 (yes, BTW: RFC 2965 and its
unfinished errata say that RFC 2965 and Netscape
handling are supposed to interact with each other, in
complicated and ill-defined ways), treats RFC 2109
cookies as Netscape cookies.

Background:  The Netscape protocol is an ad-hoc
standard defined by the MSIE and Mozilla browser
implementations.  A Netscape cookie is one set in the
Set-Cookie header with no version cookie-attribute.  An
RFC 2109 cookie is one set in the Set-Cookie header
with a version cookie-attribute of 1.  An RFC 2965
cookie is one set in the Set-Cookie2 (note the '2')
header with a version cookie-attribute of 1.  Popular
browsers treat RFC 2109 cookies as Netscape cookies
(which, ad-hoc as Netscape cookies are, effectively
include a few bits and pieces from the 2109 standard).

The bug breaks apps like Mailman that (naively or
stubbornly) send RFC 2109 cookies.

The patch treats RFC 2109 cookies as Netscape cookies
if RFC 2965 handling is turned off.  (It also removes
two no-op lines of code at around line 1304).  Test and
doc patches are included.  2.4 backport candidate.

(The bug was uncovered by the switch, in the patch
originally accepted to Python stdlib, to RFC 2965
handling being off by default.  Earlier versions of
ClientCookie had RFC 2965 off by default.)


----------------------------------------------------------------------

>Comment By: Neal Norwitz (nnorwitz)
Date: 2005-12-23 13:45

Message:
Logged In: YES 
user_id=33168

Since there were API changes, I did not backport this to 2.4.

Committed revision 41802.


----------------------------------------------------------------------

Comment By: John J Lee (jjlee)
Date: 2005-12-05 14:28

Message:
Logged In: YES 
user_id=261020

Since this didn't get applied in 2.4.1 or 2.4.2, I have
uploaded a new patch for 2.5, and deleted the original patch
attached to this tracker item.  Tests and documentation
changes are included in the patch.

In addition to fixing the bug described in the original
patch comment, this patch (rfc2109-2.patch) adds two new
attributes (hence should not be back-ported):

1. Cookie instances have an rfc2109 attribute.

This attribute is true if the cookie was received as an RFC
2109 cookie (ie. the cookie arrived in a Set-Cookie header,
and the value of the Version cookie-attribute in that header
was 1).

2. DefaultCookiePolicy instances have an rfc2109_as_netscape
attribute.

Assigning to this attribute allows explicit control over
whether RFC 2109 cookies are 'downgraded' to Netscape cookies.


----------------------------------------------------------------------
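
The behaviour discussed in this thread, shown as an added example (not code from the patch or from the cookielib authors). It uses Python 3's http.cookiejar, the module cookielib was renamed to; FakeResponse, receive, the sample headers and the URL are constructed for illustration.

```python
import email
import urllib.request
from http.cookiejar import CookieJar, DefaultCookiePolicy

# Constructed samples: one RFC 2109 cookie (Set-Cookie with Version=1)
# and one plain Netscape cookie (Set-Cookie with no Version attribute).
RFC2109_HEADERS = "Set-Cookie: session=abc123; Version=1\n\n"
NETSCAPE_HEADERS = "Set-Cookie: session=abc123\n\n"
SAMPLE_URL = "http://www.example.com/"


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, raw_headers):
        self._headers = email.message_from_string(raw_headers)

    def info(self):
        return self._headers


def receive(rfc2965, rfc2109_as_netscape=None, headers=RFC2109_HEADERS):
    """Return (version, rfc2109) of the stored cookie, or None if the
    policy rejected it."""
    policy = DefaultCookiePolicy(rfc2965=rfc2965,
                                 rfc2109_as_netscape=rfc2109_as_netscape)
    jar = CookieJar(policy)
    request = urllib.request.Request(SAMPLE_URL)  # built locally, never sent
    jar.extract_cookies(FakeResponse(headers), request)
    cookies = list(jar)
    if not cookies:
        return None
    return cookies[0].version, cookies[0].rfc2109


if __name__ == "__main__":
    # rfc2109_as_netscape=None means "downgrade unless RFC 2965 is on".
    for rfc2965, as_ns in [(False, None), (True, None),
                           (False, False), (True, True)]:
        print("rfc2965=%s rfc2109_as_netscape=%s -> %s"
              % (rfc2965, as_ns, receive(rfc2965, as_ns)))
```

With rfc2965 off and rfc2109_as_netscape forced to False, the Version=1 cookie is not stored at all, which is the failure mode the initial comment reports for applications that send RFC 2109 cookies.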

Comment By: John J Lee (jjlee)
Date: 2005-03-04 15:11

Message:
Logged In: YES 
user_id=261020

> (...Earlier versions of ClientCookie had RFC 2965 off by
> default.)

I meant to say:

> (...Earlier versions of ClientCookie had RFC 2965 on by
> default.)


----------------------------------------------------------------------
