Paul McMillan <[email protected]> writes:

> Yes, SimpleCookie is known to be an unpickleable class. We shouldn't
> be directly pickling it anywhere in Django. In your code, you should
> probably turn the cookie into a string before caching it. I'm not
> clear if the bug you're experiencing is happening in Django's code or
> something your application is doing directly with SimpleCookie.

[snip]

> I think that your provided test case is trying to do something that is
> explicitly not supported, but I'm unclear on whether or not there is
> an issue in Django-provided code. Could you provide a little more
> information?

Hi Paul,

I am not trying to pickle SimpleCookie directly -- in fact, I enabled the cache middlewares in settings.py and then set CACHE_BACKEND to 'file:///some/directory'. I then had a view with no specific cache decorators, but since the session backend is also on it added the `Vary: Cookie' header.

After that, I started noticing that a login page including the `csrf_token' tag started repeating the token when I used curl to access it without providing any cookies or login credentials. And after the first time I accessed it, the Set-Cookie header started misbehaving like it did in the test case I attached -- instead of looking like

    Set-Cookie: foo=bar; other-parameters;

it was looking like

    Set-Cookie: foo="Set-Cookie: foo=bar; other-parameters;"

and the value in the csrf tag was being expanded to something along the lines of "Set-Cookie: foo=bar; other-parameters;", so validation failed later.

Some investigation led me to find the problem in the cache backend I was using, as the cookies inside the cached HttpResponse were being serialized incorrectly and later picked by FetchFromCacheMiddleware.

--
Raphael Kubo da Costa
ProFUSION embedded systems
http://profusion.mobi
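Added example (not part of the original message and not Django's code): Python 3 code for the approach suggested in the quoted text, storing cookies as plain strings before they reach a pickling cache, together with a check for the nested `Set-Cookie:` value described above. The function names are hypothetical, `pickle` stands in for the cache backend, and the cookie values are constructed.

```python
import pickle
from http.cookies import SimpleCookie


def freeze_cookies(jar):
    """Flatten a SimpleCookie to {name: "name=value; attrs"} plain strings.

    Plain str objects survive pickling unchanged, so the cache never has
    to serialize SimpleCookie/Morsel instances themselves.
    """
    return {name: morsel.OutputString() for name, morsel in jar.items()}


def thaw_cookies(frozen):
    """Rebuild a SimpleCookie from the strings made by freeze_cookies()."""
    jar = SimpleCookie()
    for header_value in frozen.values():
        jar.load(header_value)
    return jar


def cache_roundtrip(jar):
    """Simulate a pickling cache backend that stores only frozen strings."""
    blob = pickle.dumps(freeze_cookies(jar), protocol=pickle.HIGHEST_PROTOCOL)
    return thaw_cookies(pickle.loads(blob))


def nested_header_cookies(jar):
    """Return names of cookies whose value is itself a serialized header.

    This is the symptom reported above: foo="Set-Cookie: foo=bar; ...".
    A cache-fetch path can run this check and discard the cached entry.
    """
    return sorted(
        name for name, morsel in jar.items()
        if morsel.value.lstrip().lower().startswith("set-cookie:")
    )


if __name__ == "__main__":
    jar = SimpleCookie()                      # constructed sample cookies
    jar["csrftoken"] = "0123456789abcdef"
    jar["csrftoken"]["path"] = "/"
    restored = cache_roundtrip(jar)
    print(restored.output())
    print(nested_header_cookies(restored))    # no corrupted cookies expected
```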
