django - Python not recognizing cookies in request header -
at work we've been developing python application (django specifically) intermittently seem behave if not recognizing of cookies being sent in request.
the issue not occur, once seems persist indefinitely. issue can resolved clearing cookies , reloading page.
the cookies valid (though there quite few 3rd-party ones in mix) , within maximum size supported both servers , browsers.
solution
if application needs interpret "cookie" header in python using "simplecookie" (widely used python libraries , frameworks), , website's domain has cookies set outside of control, avoid versions of python issue #22931 (https://bugs.python.org/issue22931) in play.
the bug existed in several versions of 3.3.x, 3.4.x , 3.5.x 2.7.9.
details
the issue's diagnosis ended being simple, thought i'd share here using more general language since searching issue didn't yield useful results until had been narrowed down existence of specific valid characters in few cookies.
in python 2.7.9 (and several versions of 3.x) there bug cookies "[" or "]" in values causes parsing of "cookie" header fail silently. since square brackets valid characters cookie value (http://www.rfc-editor.org/rfc/rfc6265.txt), , commonly used in 3rd party libraries issue can detrimental cookie driven functionality in web application.
it particularly elusive because termination of cookie parsing appears occur once attempts parse first cookie square bracket in value. means if cookies happen sent in different order issue may not occur.
for example
if request header formatted cookie: important_cookie=foobar; bad_character=[
"important_cookie"'s value available in application -- not have been if request header had been cookie: bad_character=[; important_cookie=foobar
.
once know square brackets causing issue, easy find underlying bug reported in python, honing in on underlying issue can chore.
Comments
Post a Comment