quetz-mod_python-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregory (Grisha) Trubetskoy" <gri...@apache.org>
Subject Re: [mod_python] Cookie patch
Date Sun, 16 Jan 2005 02:25:38 GMT

On Sat, 15 Jan 2005, Nicolas Lehuen wrote:

> Anyway, my advice is that we should support RFC 2965 cookies

There isn't much to "support" per se, the actual support belongs on the 
browser side (obeying $Path, $Max-Age, etc.).

> either by silently discarding $ attributes

I think discarding is bad (and that's what the patch seems to do). $Path 
is not the same thing as Path and we should not silently replace one with 
the other. (And what if a cookie has both Path and $Path)?

> or by fully supporting them;

Which pretty much just means adding them to _valid_attr.

> but we cannot keep throwing exceptions at the users whose browser is 
> unlucky enough to use RFC 2965.

Cookies come from servers, I'm not sure I understand this.

> I must confess I didn't do my homework properly - I've only read the
> first RFC, not the 2965. So I'll have a look at the link you mentioned
> above to get a little perspective on the subject.

My main point is that this thread and subsequent patches were triggered by 
a cookie that appears to be completely bogus in the first place, and 
perhaps it's not so bad that an exception was triggered.

In any event, I think we need to keep this discussion going, because I 
don't have a good feeling that due dilligence has been done here. 
Admittedly, the Cookie.py module isn't perfect, but I'm not sure that 
we're making it any better... I'd prefer something took more time, but 
we were certain it was done right :-)


View raw message