[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-31 Thread Simon Blanchard
Simon Blanchard added the comment: 'HTTP_USER_AGENT': 'Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)', It's the Baidu spider according to the user agent string. (Baidu is the biggest search engine in China.) The serving app is Django + mod_wsgi + Apache -

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-30 Thread Simon Blanchard
New submission from Simon Blanchard: _LegalCharsPatt = r[\w\d!#%'~_`@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=] The above regex in cookies.py includes the comma character but RFC 6265 https://tools.ietf.org/html/rfc6265 section 4.1.1 says: cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B /

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-30 Thread R. David Murray
R. David Murray added the comment: This is a pragmatic choice. Try searching the tracker for 'cookie comma', and read about the lack of adherence to cookie RFCs by the major browsers. Specifically, I think issue 1210326 is relevant here, and am closing this as a duplicate of that issue. If

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-30 Thread Simon Blanchard
Simon Blanchard added the comment: I have a real-world example. Using Apache, mod_wsgi and Django. Given this in the META dict: 'HTTP_COOKIE': 'yaean_djsession=23ab7bf8b260cbb2f2bc80b1c1fd98fa, yaean_yasession=ff2a3030ee3f428f91c6f554a63b459c', Django via the Python cookie api gives this:

[issue16362] _LegalCharsPatt in cookies.py includes illegal characters

2012-10-30 Thread Graham Dumpleton
Graham Dumpleton added the comment: For that cookie string to be valid in the first place, shouldn't it have been sent as: 'HTTP_COOKIE': 'yaean_djsession=23ab7bf8b260cbb2f2bc80b1c1fd98fa; yaean_yasession=ff2a3030ee3f428f91c6f554a63b459c' IOW, semicolon as separator. What client generated