#27328: return `Set-Cookie` if sessionid= None value
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: nobody
Cami |
Type: Bug | Status: new
Component: HTTP handling | Version: 1.10
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Collin Anderson):
Hi Ramin,
The goal of `parse_cookie()` is to try to give an exact as possible `dict`
representation of the `Cookie:` header. It seems intuitive to me that
`sessionid=; csrftoken=d` would translate to `{'sessionid': '',
'csrftoken': 'd'}`. You want `parse_cookie()` to ignore cookies with no
value, but Django has always kept cookies with empty values like these,
even before I refactored the parse_cookie code recently. Before that
Django used Python's Cookie library to parse cookies, which also keeps
cookies with empty values.
Even if we were to change Django to not delete empty `sessionid` cookies,
that should be a change to the _session_ code (to not call `delete_cookie`
in that case), not a change to the cookie parsing code. Does that seem
right?
--
Ticket URL: <https://code.djangoproject.com/ticket/27328#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.e34b9f2dcfe052a212f8572b5f220606%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
