[issue17340] Handle malformed cookie

keakon report at bugs.python.org
Sat Mar 9 05:16:10 CET 2013


keakon added the comment:

Terry, I think that's the standard process of web applications.

1. The user agent sends cookie via HTTP headers to the web server.
2. The web server parses its cookie. If the server fails to find something that proves the user has logged in from his cookie, it redirects him to the login page.
3. The user agent posts login information to the web server.
4. The web server verifies the post data. If it's correct, the server sends Set-Cookie headers, which can be used as proof in step 2, to the user agent.

After the 4 steps, the user agent should be considered as a logged-in user.
However, in step 2, the server cannot parse his cookie due to CookieError. It has to redirect the user to the login page and continue the next steps.

I don't think there is anything wrong with the process except the strange behavior of Cookie.SimpleCookie.load().

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17340>
_______________________________________
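
An added example, not part of keakon's message or of CPython: one way a server could parse the Cookie header in step 2 pair by pair, so that a single malformed pair is skipped and reported instead of costing the user the session cookie. It uses Python 3's `http.cookies` (the successor of the `Cookie` module); `parse_cookie_header` and the sample header are constructed for illustration.

```python
import re
from http.cookies import SimpleCookie, CookieError

# RFC 6265 defines cookie-name as an HTTP token.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_cookie_header(header):
    """Parse a Cookie request header one pair at a time.

    Returns (cookies, rejected): a dict of name -> value for well-formed
    pairs, and the raw pairs that were skipped so they can be logged.
    Splitting on ';' is safe for RFC 6265 values, which cannot contain it.
    """
    cookies, rejected = {}, []
    for raw in header.split(";"):
        pair = raw.strip()
        if not pair:
            continue
        name, sep, _ = pair.partition("=")
        if not sep or not _TOKEN.match(name.strip()):
            rejected.append(pair)      # no '=' or illegal name
            continue
        jar = SimpleCookie()
        try:
            jar.load(pair)             # handles value unquoting
        except CookieError:
            rejected.append(pair)
            continue
        if not jar:                    # e.g. a bare attribute such as path=/
            rejected.append(pair)
            continue
        for key, morsel in jar.items():
            # Keep the first occurrence of a duplicated name
            # (a choice made for this example).
            cookies.setdefault(key, morsel.value)
    return cookies, rejected


if __name__ == "__main__":
    # Constructed header: a junk pair ahead of a valid session cookie.
    sample = ',junk=; session=abc123; theme="dark mode"'
    cookies, rejected = parse_cookie_header(sample)
    print("accepted:", cookies)
    print("rejected:", rejected)
```

Logging the rejected pairs keeps the malformed input visible to operators while the login check in step 2 still sees the valid session cookie.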