[Django] #20755: Certain cookie flags don't get unpickled properly

Wed, 17 Jul 2013 00:18:27 -0700 

#20755: Certain cookie flags don't get unpickled properly
------------------------------------------------+------------------------
               Reporter:  julien                |          Owner:  nobody
                   Type:  Bug                   |         Status:  new
              Component:  Core (Serialization)  |        Version:  master
               Severity:  Normal                |       Keywords:
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  0
                  UI/UX:  0                     |
------------------------------------------------+------------------------
 I've noticed that some cookie flags (at least `httponly` and `secure`) do
 not properly get unpickled. This is an issue particularly for
 `FetchFromCacheMiddleware` when it unpickles a cached response object.

 So far I've narrowed down the issue to this snippet of code:

 {{{#!python
 import pickle
 from django.http import HttpResponse

 original = HttpResponse()
 original.set_cookie('foo', 'bar', path='/blah', httponly=True,
 secure=True)

 pickled = pickle.dumps(original, pickle.HIGHEST_PROTOCOL)
 reloaded = pickle.loads(pickled)

 # httponly and secure get lost in the pickle loading process!!
 original.cookies['foo']['httponly']   # True
 reloaded.cookies['foo']['httponly']   # ''

 original.cookies['foo']['secure']     # True
 reloaded.cookies['foo']['secure']     # ''

 str(original.cookies)                 # 'Set-Cookie: foo=bar; httponly;
 Path=/blah; secure'
 str(reloaded.cookies)                 # 'Set-Cookie: foo=bar; Path=/blah'
 }}}

 At this stage I'm unsure if it's a bug in Django or in Python. For the
 record, I've tested this with Python 2.7.5.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/20755>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/049.e097c07d1a96577357c2b097245f9486%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to