Thanks for the submitting this issue on trac.edgewall.org.
Investigating your cookies, this is caused by whitespaces in the value of the cookies, not unnamed cookies. Also, the issue has been filed at https://github.com/python/cpython/issues/75637 7 years ago, but still not fixed. Could you please try the following workaround? [[[ diff --git a/trac/web/api.py b/trac/web/api.py index 7f8b59bdc..f2b9b4519 100644 --- a/trac/web/api.py +++ b/trac/web/api.py @@ -612,15 +612,20 @@ class RequestDone(TracBaseError): class Cookie(SimpleCookie): + + _separator_re = re.compile(r'\s*;\s*', re.ASCII) + def load(self, rawdata, ignore_parse_errors=False): if ignore_parse_errors: self.bad_cookies = [] self._BaseCookie__set = self._loose_set - SimpleCookie.load(self, rawdata) - if ignore_parse_errors: + for item in self._separator_re.split(rawdata): + super().load(item) self._BaseCookie__set = self._strict_set for key in self.bad_cookies: del self[key] + else: + super().load(rawdata) _strict_set = BaseCookie._BaseCookie__set ]]] On Sunday, March 9, 2025 at 1:46:21 AM UTC+9 Chris Shelton wrote: Jun, After some additional review of the cookies in my environment, I believe that the presence of forward slashes or spaces in the values of cookies are what is causing the issue that I am seeing. When I manually remove each cookie that contained any spaces or forward slashes in the value of the cookie from my browser session, the login redirect loop stops and Trac behaves normally, until these cookies come back via accessing a university wide ERP system. The attached text file contains a slightly obfuscated set of my cookies, with several of the values replaced with X's. I believe that any cookie with a value that contains any of the "invalid characters" for cookie names, as mentioned here https://docs.python.org/3/library/http.cookies.html is causing this failure to parse any of the cookies in my session. In case it helps, my Trac environment will be running on the domain of test.prvt.controller.iu.edu. The cookies from our ERP system all have a domain of .iu.edu. Lastly, I have just opened https://trac.edgewall.org/ticket/13876 for this issue. Thanks again for your help! Chris -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/trac-users/8c3b2c38-b0c9-4802-ad76-b0d947fcf3d7n%40googlegroups.com.
