RFC 2965 cookies, cookielib, and mailman.

Titus Brown titus at caltech.edu
Sun Feb 13 15:49:38 EST 2005


For the record, re

http://mail.python.org/pipermail/python-list/2004-December/257422.html

and

http://www.gossamer-threads.com/lists/python/python/380607

cheers,
--titus

----- Forwarded message from John J Lee <jjl at pobox.com> -----

X-Original-To: titus at caltech.edu
From: John J Lee <jjl at pobox.com>
To: Titus Brown <titus at caltech.edu>
Subject: Re: RFC 2965 cookies, cookielib, and mailman.

If you don't mind, could you forward this reply to python-list at python.org
and wwwsearch-general at lists.sourceforge.net, for the record?

On Sun, 6 Feb 2005, Titus Brown wrote:
[...]
> -> > In any case, the way to make the cookielib example work for mailman is
> -> > like so:
> -> > 
> -> >      policy = cookielib.DefaultCookiePolicy(rfc2965=True)
> -> >      cj = cookielib.LWPCookieJar('cookies.lwp', policy=policy)
> -> 
> -> Hmm, cookielib should work if IE and Mozilla do, so that's a bug :(
> -> You shouldn't need to turn on 2965 handling.
> -> 
> -> Do you have a script that demonstrates the problem, so I can fix it?
> 
> Attached.  By the by, thanks for fixing that cookiejar bug back in
[...]
> In the attached code, just change the True/False setting of the rfc2965
> flag in the DefaultCookiePolicy and you'll see that in one case a
> cookie is correctly handled and in the other it is not.  You're welcome
> to try the same URL with browsers:
[...snip details...]

Thanks for the bug report, Titus.

Damn, I wish I'd seen this bug before 2.4.0 was released.

Workaround, as you illustrate above, is to switch on RFC 2965 handling.

Looking at it, the problem seems blindingly obvious: I'm treating what is
in fact an RFC 2109 (not 2965) cookie from MailMan as though it were a
2965 cookie instead of as a Netscape cookie (a deliberate choice).  This
didn't cause trouble in ClientCookie 0.4. when 2965 handling was on by
default.  Now that it's off by default in cookielib and ClientCookie 1.0,
though (because 2965, and 2109 also, pretty much, are simply unimplemented
in popular browsers: i.e. Firefox and MSIE), it breaks apps like Mailman
that, naively or stubbornly, send version=1 cookies.  Real browsers treat
RFC 2109 cookies as Netscape cookies (which, ad-hoc as Netscape cookies
are, effectively include a few bits and pieces from the 2109 standard), so
this behaviour is just plain wrong.  The fix is easy, will upload a patch
to SF.

Bah.


John

----- End forwarded message -----
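
The cookie handling discussed in the forwarded message, as an added example that is not part of the original posts or of the patch mentioned there. It uses http.cookiejar (the Python 3 name for cookielib); the header value, list name, host and the FakeResponse helper are constructed for illustration, and rfc2109_as_netscape=False is used here to keep the version=1 cookie from being downgraded, which reproduces the silent drop with RFC 2965 handling off.

```python
# Added example: http.cookiejar is the Python 3 name of cookielib.
import email.message
import urllib.request
from http.cookiejar import CookieJar, DefaultCookiePolicy

# Constructed sample: a Mailman-style version=1 (RFC 2109) Set-Cookie header.
SAMPLE_SET_COOKIE = "testlist+admin=PLACEHOLDER; Path=/mailman/; Version=1"
SAMPLE_URL = "http://lists.example.org/mailman/admin/testlist"


class FakeResponse:
    """Minimal stand-in for an HTTP response; the jar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def stored_cookies(policy):
    """Feed the sample header to a fresh jar; return (name, version, rfc2109)."""
    jar = CookieJar(policy=policy)
    request = urllib.request.Request(SAMPLE_URL)
    jar.extract_cookies(FakeResponse(SAMPLE_SET_COOKIE), request)
    return [(c.name, c.version, c.rfc2109) for c in jar]


def compare_policies():
    return {
        # 2965 off and the 2109 cookie kept as version 1: the cookie is dropped.
        "strict_2109": stored_cookies(
            DefaultCookiePolicy(rfc2965=False, rfc2109_as_netscape=False)),
        # Workaround from the thread: switch RFC 2965 handling on.
        "rfc2965_on": stored_cookies(DefaultCookiePolicy(rfc2965=True)),
        # Current defaults: the 2109 cookie is downgraded to a Netscape cookie.
        "default": stored_cookies(DefaultCookiePolicy()),
    }


if __name__ == "__main__":
    for label, cookies in compare_policies().items():
        print(f"{label:12} -> {cookies}")
```

An empty list for a policy means the session cookie was discarded without an error, so a scripted client would simply appear to fail authentication on the next request.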


