New submission from keakon: One of my user told me that she couldn't login to my website yesterday. I logged her cookie, and found it began with ',BRIDGE_R=;' which was a malformed cookie. Tornado uses Cookie.SimpleCookie.load() to parse her cookie, and returns an empty dict when catching an exception such as CookieError.
In that case, Tornado has to treat her as a new user since it believes she didn't provide any cookies. Even after Tornado tried to set cookie (like user_id) for her, it still couldn't parse her cookie the next time. I checked Issue2193 and found the patch provided by spookylukey could fix the bug, but it was rejected. Why not add a default parameter like strict=True, and let users to decide whether to ignore invalid keys or to raise an error? I believe SimpleCookie is useless for handling malformed cookies right now. If it's still not acceptable, should I implement my own Cookie class for Tornado like Django did (https://github.com/django/django/blob/master/django/http/cookie.py)? ---------- components: Library (Lib) messages: 183367 nosy: georg.brandl, keakon, spookylukey priority: normal severity: normal status: open title: Handle malformed cookie type: behavior versions: Python 2.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17340> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
