#13007: Django fails to log in when a cookie is set on the same domain
containing a
colon
------------------------------------+---------------------------------------
Reporter: Warlax | Owner: nobody
Status: reopened | Milestone:
Component: HTTP handling | Version: SVN
Resolution: | Keywords: cookies
Stage: Unreviewed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 1 |
------------------------------------+---------------------------------------
Changes (by Ubercore):
* status: closed => reopened
* needs_better_patch: 0 => 1
* version: 1.1 => SVN
* resolution: worksforme =>
Comment:
I've added a test case to illustrate what I think is going on here. The
culprit in my case was Glassfish running on the same server. Its admin
console adds this cookie:
{{{
form:tree-hi=;
}}}
This breaks cookie parsing, and no cookies appear in the request.
Including the csrf token. I think the ideal case here is to lose only the
non-standard cookies, instead of returning a blank dict when a CookieError
is raised. This is, I think, what Trac has done.
http://bugs.python.org/issue2193
http://trac.edgewall.org/ticket/2256
--
Ticket URL: <http://code.djangoproject.com/ticket/13007#comment:4>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
