Can't use signed and marshalled cookies together.
-------------------------------------------------
Key: MODPYTHON-200
URL: http://issues.apache.org/jira/browse/MODPYTHON-200
Project: mod_python
Issue Type: Bug
Components: core
Affects Versions: 3.2.10
Reporter: Graham Dumpleton
Assigned To: Graham Dumpleton
Fix For: 3.3
As reported by Clodoaldo Pinto Neto on mailing list:
http://www.modpython.org/pipermail/mod_python/2006-October/022427.html
one cannot use signed and marshalled cookies together.
For example, with publisher code example:
from mod_python import Cookie
def makecookies(req):
c = Cookie.MarshalCookie('marshal', 'value', 'secret')
d = Cookie.SignedCookie('signed', 'value', 'secret')
Cookie.add_cookie(req, c)
Cookie.add_cookie(req, d)
return 'made\n' + str(req.headers_out)
def showcookies(req):
cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
s = 'There are %s cookies'% len(cookies)
for c in cookies.values():
s += '\n%s %s' % (str(c), type(c))
return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in)
if one access makecookies and then showcookies, you get:
Traceback (most recent call last):
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py",
line 1519, in HandlerDispatch
default=default_handler, arg=req, silent=hlist.silent)
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py",
line 1224, in _process_target
result = _execute_target(config, req, object, arg)
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py",
line 1123, in _execute_target
result = object(arg)
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py",
line 213, in handler
published = publish_object(req, object)
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py",
line 425, in publish_object
return publish_object(req,util.apply_fs_data(object, req.form, req=req))
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py",
line 546, in apply_fs_data
return object(**args)
File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies
cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py",
line 352, in get_cookies
return Class.parse(cookies, **kw)
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py",
line 254, in parse
c.unmarshal(secret)
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py",
line 282, in unmarshal
self.value = marshal.loads(base64.decodestring(self.value))
File
"/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py",
line 44, in decodestring
return binascii.a2b_base64(s)
Error: Incorrect padding
The problem is that Cookie.get_cookies() makes assumption that all cookies
being sent by browser will be of the same derived type, or are a basic cookie.
If mixing derived types and they are not compatible as far as unpacking goes,
the code will fail.
For starters, there should be a new function called Cookie.get_cookie() where
you name the cookie and it only tries to decode that one cookie. This new
method should also be used in the Session class instead of using
Cookie.get_cookies().
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
