[New-bugs-announce] [issue41945] http.cookies.SimpleCookie.parse error after [keys]
Jan Novak
report at bugs.python.org
Mon Oct 5 11:19:46 EDT 2020
New submission from Jan Novak <xnovakj at seznam.cz>:
If brackets [] are around cookie name,
next cookie names are not loaded.
try:
import http.cookies as Cookie
except ImportError:
import Cookie
c = Cookie.SimpleCookie()
c.load('id=12345; [object Object]=data; something=not loaded')
print(c)
Note:
It could cause big problems with session etc.
We found that Chrome/Edge starts to save and send this type of cookies for some (couple) users. The origin of that [object Object]=... cookies are probably some implementation of
https://cookiepedia.co.uk/cookies/euconsent
and errors somewhere in external javascripts or browsers?
Related issues:
https://bugs.python.org/issue41695
https://bugs.python.org/issue27674
The same problem occures in P3.7, P2.7, six.moves.http_cookies etc.
I know RFT says that cookie-name can't use brackets.
But you can set them to browser cookies.
RFC 6265:
set-cookie-header = "Set-Cookie:" SP set-cookie-string
set-cookie-string = cookie-pair *( ";" SP cookie-av )
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
token = <token, defined in [RFC2616], Section 2.2>
RFC 2616:
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
----------
components: Library (Lib)
messages: 378041
nosy: xnovakj
priority: normal
severity: normal
status: open
title: http.cookies.SimpleCookie.parse error after [keys]
type: behavior
versions: Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41945>
_______________________________________
More information about the New-bugs-announce
mailing list