quetz-mod_python-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicolas Lehuen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MODPYTHON-3) mod_python cannot parse cookies with $-prefixed attributes
Date Thu, 13 Jan 2005 21:04:19 GMT
     [ http://issues.apache.org/jira/browse/MODPYTHON-3?page=comments#action_57599 ]
Nicolas Lehuen commented on MODPYTHON-3:

I have taken this opportunity to revamp the code a little bit ; I checked it against the cookies
implementation in Jetty (see 

Here is the new _parse_cookie function :

def _parse_cookie(str, Class):
   # XXX problem is we should allow duplicate
   # strings
   result = {}

   all_cookies_attribute = {}

   valid = Cookie._valid_attr

   c = None
   matchIter = _cookiePattern.finditer(str)

   for match in matchIter:

       key, val = match.group("key"), match.group("val")

       # we will check whether the cookie name is a valid attribute name
       # for the previous cookie.
       # see http://www.faqs.org/rfcs/rfc2109.html part 4.4
       l_key = key.lower()
       # fix from Craig Warren
       if l_key[0]=='$':
       if l_key == "max-age":
           l_key = "max_age"

       if l_key in valid:
           if not c:
               # 'global' attribute, will be added to all cookies
               # "internal" attribute, add to cookie
               setattr(c, l_key, val)
           # start a new cookie
           # we don't use l_key so that we keep the initial name
           # this way we are consistent with the creation of the first cookie
           # as done in the previous version of the function
           c = Class(key, val)
           result[key] = c

           # XXX this is a bit heavyweight since usually we'll have only 0 or 1
           # global attribute...
           for key, val in all_cookies_attribute.items():

   return result

> mod_python cannot parse cookies with $-prefixed attributes
> ----------------------------------------------------------
>          Key: MODPYTHON-3
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-3
>      Project: mod_python
>         Type: Bug
>     Versions: 3.1.3
>     Reporter: Nicolas Lehuen

> Craig Warren (to mod_python, python-dev)
> I found an error while with Cookie module.  When the cookie module parses a cookie, if
that cooke has $Version or $Path in it you get an error. My cookie is coming from a java libaray,
that puts $Version and $Path in it.
> example ="Cookie: $Version=0; pysid=34a9b38c34;$Path=/"
> RFC 2109 mentions $Version and $Path in Section 4.4
> http://www.faqs.org/rfcs/rfc2109.html
> 4.4  How an Origin Server Interprets the Cookie Header
>    A user agent returns much of the information in the Set-Cookie header
>    to the origin server when the Path attribute matches that of a new
>    request.  When it receives a Cookie header, the origin server should
>    treat cookies with NAMEs whose prefix is $ specially, as an attribute
>    for the adjacent cookie.  The value for such a NAME is to be
>    interpreted as applying to the lexically (left-to-right) most recent
>    cookie whose name does not have the $ prefix.  If there is no
>    previous cookie, the value applies to the cookie mechanism as a
>    whole.  For example, consider the cookie
>    Cookie: $Version="1"; Customer="WILE_E_COYOTE";
>            $Path="/acme"
>    $Version applies to the cookie mechanism as a whole (and gives the
>    version number for the cookie mechanism).  $Path is an attribute
>    whose value (/acme) defines the Path attribute that was used when the
>    Customer cookie was defined in a Set-Cookie response header.
> In Cookie.py it looks like the code was in place to deal with $Version and $Path, but
not finished
> from  _parse_cookie()
> line ~321
>  l_key = key.lower()
>         if (l_key in valid or key[0] == '$'):
>             # "internal" attribute, add to cookie
>             if l_key == "max-age":
>                 l_key = "max_age"
>             setattr(c, l_key, val)
>  The above code checks for the $, but doesn't do anything with it and in fact when it
tries to do a setattr with $Version or $Path, you get an error.
> I modified the function to be
> l_key = key.lower()
>         if (l_key in valid or key[0] == '$'):
>             # "internal" attribute, add to cookie
>             if l_key == "max-age":
>                 l_key = "max_age"
>             if key[0] == '$':
>                 l_key = l_key[1:]
>             setattr(c, l_key, val)
> Don't know if this is exactly the correct fix, but it works for me and I thought that
I would email the list.  I tried to subscribe to python-dev@httpd.apache.org, but haven't
gotten a response back yet, I CC this message to python-dev@httpd.apache.org also.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:

View raw message