Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  Jeremy Dunck   |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  dev
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by Sarah Boyce):

 * stage:  Unreviewed => Accepted

Comment:

 With the concern from raised from RFC6265 as to whether we should do this,
 from what I read here:
 https://datatracker.ietf.org/doc/html/rfc6265#section-5.3

 > If the cookie store contains a cookie with the same name, domain, and
 path as the newly created cookie... [instructions on how to replace]

 I see no issue in two cookie's with the same name and uniqueness should be
 determined by the combination of name, domain and path.

 Based off how previously it was suggested this will be re-accepted
 providing there is a real world use-case, re-accepting.
-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018f7b82d073-c89df73e-e311-4ec0-ae1b-31e6e5d3acf4-00%40eu-central-1.amazonses.com.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+--
 Reporter:  Jeremy Dunck   |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  dev
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+--
Changes (by Claude Paroz):

 * stage:  Accepted => Unreviewed

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018f7af70b0e-02eaf7eb-7caf-46b7-9a00-0efa75444640-00%40eu-central-1.amazonses.com.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  Jeremy Dunck   |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  dev
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by Benjamin Vulpes):

 * resolution:  wontfix =>
 * status:  closed => new

Comment:

 This is some serious bug necromancy, but hear me out.

 My CDN supports presigned URLs and presigned cookies. Presigned URLs
 negate client-side caching. Their presigned cookie implementation forbids
 specifying more than one approved asset per cookie.

 This forces me to include multiple of these presigned cookies for my CDN's
 domain, with identical names, but paths for each asset, and to rely on the
 browser to use cookies' paths to identify which version of the cookie to
 send along with the request to the CDN.

 Definitely an edge case, but worth bringing up as I can't find an escape
 hatch to force Django to otherwise include cookies with the same name and
 domain, but different paths.
-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018f75d23315-87048b78-399c-48f2-ba16-fa7fdea71941-00%40eu-central-1.amazonses.com.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  closed
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:  wontfix
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by collinanderson):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Feel free to reopen if you think Django really needs this ability.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.532bc1ed97bc782ab70ca63a430c2404%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by collinanderson):

 The latest https://tools.ietf.org/html/rfc6265 says we should not do this,
 which makes me think it's not worth it. Is there a real-world problem that
 this would actually solve?

 {{{
Servers SHOULD NOT include more than one Set-Cookie header field in
the same response with the same cookie-name.
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.fb7a1696aa427f56d625ac7dec576a2c%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by stavros):

 We are currently getting a bug when a user has two sessionid cookies with
 different domains. The user then is completely unable to log in, getting
 redirected back to the homepage. It is related to this issue, but I'm not
 sure whether I should file a new ticket or not. I would suggest that, if
 the sessionid is expired, the cookies are deleted, but I'm not sure if
 it's actually expired or not. Login works, the user gets redirected to the
 root, and then the root sees that the user isn't authenticated and sends
 them back to login for ever. The user can only get out of this if they
 clear their cookies, which is a very significant bug.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.ef7796029fe78bb70564f8062016ac2f%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by unaizalakain):

 Related:
 - http://bugs.python.org/issue7504
 - http://bugs.python.org/issue1372650
 - http://bugs.python.org/issue1375011

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.3226140f9ba256931b048c71a6ecb145%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by unaizalakain):

 While a possible workaround could be to redefine SimpleCookie's method to
 check if some cookie exists, some structural issues would rise. What
 should we do if there're two cookies with the same name and
 SimpleCookie.get('cookie') is called?

 MorselKey's could be used to grab cookies from cookies dict but a lot of
 external code would change.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.3e6789dc771fa3dde39634f15dc236cc%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by unaizalakain):

 I have been fooling around with this little fix and one problem arises
 from the proposed solution: While the custom hash method prevents dict
 collisions, it also prevents from checking if some cookie already exists
 (as done by many contrib apps).

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.a74899b873c85d0258c3cdaf741f5931%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by jdunck):

 I believe so, yes.  Jacob accepted this ticket; there's been no debate on
 my suggested fix.  I am now a core committer and feel this is a decent way
 to fix the problem.

 I would point out that in the years since I wrote these notes, the
 versions of both django and supported python versions have changed - it's
 possible there's a better way now, though I don't have time to dig into it
 at the moment.

 Thanks for your interest. :)

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.2259cff7ae62b82c3928d6b6bc098429%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by unaizalakain):

 Would a MorselKey class implementing the aforementioned methods in
 django.http.cookie be right? If so, I'll submit a patch.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.302b0cda5d17aced9ae22177d52b2b99%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+
 Reporter:  jdunck |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by aaugustin):

 * owner:  ccahoon => nobody
 * version:  1.0 => master


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
---+-
   Reporter:  jdunck   |Owner:  ccahoon
   Type:  New feature  |   Status:  new
  Milestone:   |Component:  HTTP handling
Version:  1.0  | Severity:  Normal
 Resolution:   | Keywords:
   Triage Stage:  Accepted |Has patch:  0
Needs documentation:  0|  Needs tests:  0
Patch needs improvement:  0|
---+-
Changes (by SmileyChris):

 * type:   => New feature
 * severity:   => Normal


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
+---
  Reporter:  jdunck | Owner:  ccahoon
Status:  new| Milestone: 
 Component:  HTTP handling  |   Version:  1.0
Resolution: |  Keywords: 
 Stage:  Accepted   | Has_patch:  0  
Needs_docs:  0  |   Needs_tests:  0  
Needs_better_patch:  0  |  
+---
Changes (by ubernostrum):

  * milestone:  1.2 =>

Comment:

 1.2 is feature-frozen, moving this feature request off the milestone.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
+---
  Reporter:  jdunck | Owner:  ccahoon
Status:  new| Milestone:  1.2
 Component:  HTTP handling  |   Version:  1.0
Resolution: |  Keywords: 
 Stage:  Accepted   | Has_patch:  0  
Needs_docs:  0  |   Needs_tests:  0  
Needs_better_patch:  0  |  
+---
Changes (by ccahoon):

  * owner:  nobody => ccahoon

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~--~~~~--~~--~--~---

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
+---
  Reporter:  jdunck | Owner:  nobody
Status:  new| Milestone:  1.2   
 Component:  HTTP handling  |   Version:  1.0   
Resolution: |  Keywords:
 Stage:  Accepted   | Has_patch:  0 
Needs_docs:  0  |   Needs_tests:  0 
Needs_better_patch:  0  |  
+---
Changes (by jacob):

  * stage:  Unreviewed => Accepted
  * milestone:  => 1.2

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~--~~~~--~~--~--~---

Re: [Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
+---
  Reporter:  jdunck | Owner:  nobody
Status:  new| Milestone:
 Component:  HTTP handling  |   Version:  1.0   
Resolution: |  Keywords:
 Stage:  Unreviewed | Has_patch:  0 
Needs_docs:  0  |   Needs_tests:  0 
Needs_better_patch:  0  |  
+---
Comment (by jdunck):

 OK, here's a plan for fix:

 Currently, Django's response.cookies is an instance of stdlib's
 Cookie.SimpleCookie(BaseCookie).

 BaseCookie is a subclass of dict, and so makes the assumption that there
 will be only one Morsel (that is, serializable cookie) per key.  Key is
 assumed to be string, because BaseCookie does things like .lower and
 .translate on it, and therefore, there can only be one morsel per cookie
 name.

 Here's the fix/hack: create a class which responds to the basestring
 methods, and takes all the HTTP-pertinent parameters (that is, name, path,
 domain, secure) into account for __cmp__ and __hash__.  Alter set_cookie
 to create an instance of that class as the key given to SimpleCookie.
 Respond to __str__ with just the cookie name.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~--~~~~--~~--~--~---

[Django] #10554: Response.set_cookie should allow setting two cookies of the same name.

[Django]

#10554: Response.set_cookie should allow setting two cookies of the same name.
-+--
   Reporter:  jdunck |Owner:  nobody
 Status:  new|Milestone:
  Component:  HTTP handling  |  Version:  1.0   
   Keywords: |Stage:  Unreviewed
  Has_patch:  0  |   Needs_docs:  0 
Needs_tests:  0  |   Needs_better_patch:  0 
-+--
 Since cookies have domain and path properties, this is a sensible thing to
 do:

 {{{
 response.set_cookie('x', path='/foo/', expires=)
 response.set_cookie('x', path='/bar/', expires=)
 }}}

 It'd be nice if Django allowed this.  Sadly, I think this would mean
 moving away from Cookie.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~--~~~~--~~--~--~---