[ http://issues.apache.org/jira/browse/MODPYTHON-3?page=all ]

Graham Dumpleton closed MODPYTHON-3:
------------------------------------
> mod_python cannot parse cookies with $-prefixed attributes
> ----------------------------------------------------------
>
>          Key: MODPYTHON-3
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-3
>      Project: mod_python
>         Type: Bug
>     Versions: 3.1.3
>     Reporter: Nicolas Lehuen
>     Assignee: Nicolas Lehuen
>      Fix For: 3.2.7
>
> Craig Warren (to mod_python, python-dev)
> I found an error with the Cookie module. When the cookie module parses a
> cookie, if that cookie has $Version or $Path in it you get an error. My cookie
> is coming from a java library, that puts $Version and $Path in it.
> example ="Cookie: $Version=0; pysid=34a9b38c34;$Path=/"
> RFC 2109 mentions $Version and $Path in Section 4.4
> http://www.faqs.org/rfcs/rfc2109.html
> 4.4 How an Origin Server Interprets the Cookie Header
>    A user agent returns much of the information in the Set-Cookie header
>    to the origin server when the Path attribute matches that of a new
>    request. When it receives a Cookie header, the origin server should
>    treat cookies with NAMEs whose prefix is $ specially, as an attribute
>    for the adjacent cookie. The value for such a NAME is to be
>    interpreted as applying to the lexically (left-to-right) most recent
>    cookie whose name does not have the $ prefix. If there is no
>    previous cookie, the value applies to the cookie mechanism as a
>    whole. For example, consider the cookie
>        Cookie: $Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme"
>    $Version applies to the cookie mechanism as a whole (and gives the
>    version number for the cookie mechanism). $Path is an attribute
>    whose value (/acme) defines the Path attribute that was used when the
>    Customer cookie was defined in a Set-Cookie response header.
> In Cookie.py it looks like the code was in place to deal with $Version and
> $Path, but not finished
> from _parse_cookie()
> line ~321
>             l_key = key.lower()
>
>             if (l_key in valid or key[0] == '$'):
>
>                 # "internal" attribute, add to cookie
>                 if l_key == "max-age":
>                     l_key = "max_age"
>                 setattr(c, l_key, val)
> The above code checks for the $, but doesn't do anything with it and in fact
> when it tries to do a setattr with $Version or $Path, you get an error.
> I modified the function to be
>             l_key = key.lower()
>
>             if (l_key in valid or key[0] == '$'):
>
>                 # "internal" attribute, add to cookie
>                 if l_key == "max-age":
>                     l_key = "max_age"
>                 if key[0] == '$':
>                     l_key = l_key[1:]
>                 setattr(c, l_key, val)
> Don't know if this is exactly the correct fix, but it works for me and I
> thought that I would email the list. I tried to subscribe to
> python-dev@httpd.apache.org, but haven't gotten a response back yet; I CC'd
> this message to python-dev@httpd.apache.org also.
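
The RFC 2109 section 4.4 rule quoted in the report, as an added example that is not mod_python's code and not the fix that was committed for this issue. The names parse_cookie_header, _PAIR, _ALLOWED and _unquote are hypothetical, and accepting only $Version, $Path and $Domain (ignoring any other $-name) is an assumption of this example.

```python
import re

# One NAME=VALUE pair; VALUE is a quoted-string or a run up to the next ';' or ','.
_PAIR = re.compile(
    r'\s*(?P<key>[^=;,\s]+)\s*=\s*(?P<val>"(?:[^\\"]|\\.)*"|[^;,]*)\s*(?:[;,]|$)')

# $-attributes RFC 2109 defines for the Cookie header. Anything else is
# ignored (assumption of this example), so a client-chosen name is never
# turned into an attribute name.
_ALLOWED = {"version", "path", "domain"}


def _unquote(val):
    """Strip surrounding double quotes and undo backslash escapes."""
    val = val.strip()
    if len(val) >= 2 and val[0] == val[-1] == '"':
        return re.sub(r'\\(.)', r'\1', val[1:-1])
    return val


def parse_cookie_header(header):
    """Return (mechanism, cookies) for one Cookie header.

    mechanism: $-attributes seen before any cookie, e.g. {"version": "1"}.
    cookies:   name -> {"value": ...} plus the $-attributes that followed it.
    """
    if header.lower().startswith("cookie:"):
        header = header[len("cookie:"):]
    mechanism, cookies, current = {}, {}, None
    for m in _PAIR.finditer(header):
        key, val = m.group("key"), _unquote(m.group("val"))
        if key.startswith("$"):
            attr = key[1:].lower()
            if attr not in _ALLOWED:
                continue
            # Applies to the most recent cookie, or to the mechanism as a
            # whole when no cookie has been seen yet.
            (mechanism if current is None else current)[attr] = val
        else:
            current = cookies[key] = {"value": val}
    return mechanism, cookies


if __name__ == "__main__":
    # Both headers are the ones quoted in the report above.
    for h in ('Cookie: $Version=0; pysid=34a9b38c34;$Path=/',
              'Cookie: $Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme"'):
        print(parse_cookie_header(h))
```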