#13007: Django fails to log in when a cookie is set on the same domain
containing a
colon
----------------------------------------+-----------------------------------
Reporter: Warlax | Owner: nobody
Status: reopened | Milestone: 1.3
Component: HTTP handling | Version: SVN
Resolution: | Keywords: cookies, sprintdec2010
Stage: Ready for checkin | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
----------------------------------------+-----------------------------------
Changes (by tttallis):
* keywords: cookies => cookies, sprintdec2010
* needs_better_patch: 1 => 0
* stage: Unreviewed => Ready for checkin
* milestone: => 1.3
Comment:
Spent a bit of time reviewing this ticket during the sprint.
A few points:
* While "A colon *should* be a valid value in a cookie", this ticket is
actually about cookies with a colon in the '''name'''. While there is some
uncertainty about what characters are legal in cookie names, most folks
seem to thing colons aren't kosher.
* In any case, I followed the instructions, and with some fiddling was
able to reproduce the problem. I failed to reproduce it in Safari (it
looked like maybe Safari 'censored' the cookie with the colon), but
managed to definitively reproduce it in Firefox.
* The patch takes a reasonable, prudent approach, and solves the issue
cited
* The unittest isn't exactly conclusive but I can't think of a better way
to test this - it's not exactly an easy situation to reproduce
I say let check it in!
--
Ticket URL: <http://code.djangoproject.com/ticket/13007#comment:6>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
