Can't use signed and marshalled cookies together. -------------------------------------------------
Key: MODPYTHON-200 URL: http://issues.apache.org/jira/browse/MODPYTHON-200 Project: mod_python Issue Type: Bug Components: core Affects Versions: 3.2.10 Reporter: Graham Dumpleton Assigned To: Graham Dumpleton Fix For: 3.3 As reported by Clodoaldo Pinto Neto on mailing list: http://www.modpython.org/pipermail/mod_python/2006-October/022427.html one cannot use signed and marshalled cookies together. For example, with publisher code example: from mod_python import Cookie def makecookies(req): c = Cookie.MarshalCookie('marshal', 'value', 'secret') d = Cookie.SignedCookie('signed', 'value', 'secret') Cookie.add_cookie(req, c) Cookie.add_cookie(req, d) return 'made\n' + str(req.headers_out) def showcookies(req): cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret') s = 'There are %s cookies'% len(cookies) for c in cookies.values(): s += '\n%s %s' % (str(c), type(c)) return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in) if one access makecookies and then showcookies, you get: Traceback (most recent call last): File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1519, in HandlerDispatch default=default_handler, arg=req, silent=hlist.silent) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1224, in _process_target result = _execute_target(config, req, object, arg) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1123, in _execute_target result = object(arg) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 213, in handler published = publish_object(req, object) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 425, in publish_object return publish_object(req,util.apply_fs_data(object, req.form, req=req)) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", line 546, in apply_fs_data return object(**args) File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret') File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 352, in get_cookies return Class.parse(cookies, **kw) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 254, in parse c.unmarshal(secret) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 282, in unmarshal self.value = marshal.loads(base64.decodestring(self.value)) File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", line 44, in decodestring return binascii.a2b_base64(s) Error: Incorrect padding The problem is that Cookie.get_cookies() makes assumption that all cookies being sent by browser will be of the same derived type, or are a basic cookie. If mixing derived types and they are not compatible as far as unpacking goes, the code will fail. For starters, there should be a new function called Cookie.get_cookie() where you name the cookie and it only tries to decode that one cookie. This new method should also be used in the Session class instead of using Cookie.get_cookies(). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira