[ https://issues.apache.org/jira/browse/MODPYTHON-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Graham Dumpleton closed MODPYTHON-200. -------------------------------------- > Can't use signed and marshalled cookies together. > ------------------------------------------------- > > Key: MODPYTHON-200 > URL: https://issues.apache.org/jira/browse/MODPYTHON-200 > Project: mod_python > Issue Type: Bug > Components: core > Affects Versions: 3.2.10 > Reporter: Graham Dumpleton > Assigned To: Graham Dumpleton > Fix For: 3.3 > > > As reported by Clodoaldo Pinto Neto on mailing list: > http://www.modpython.org/pipermail/mod_python/2006-October/022427.html > one cannot use signed and marshalled cookies together. > For example, with publisher code example: > from mod_python import Cookie > def makecookies(req): > c = Cookie.MarshalCookie('marshal', 'value', 'secret') > d = Cookie.SignedCookie('signed', 'value', 'secret') > Cookie.add_cookie(req, c) > Cookie.add_cookie(req, d) > return 'made\n' + str(req.headers_out) > def showcookies(req): > cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret') > s = 'There are %s cookies'% len(cookies) > for c in cookies.values(): > s += '\n%s %s' % (str(c), type(c)) > return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in) > if one access makecookies and then showcookies, you get: > Traceback (most recent call last): > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", > line 1519, in HandlerDispatch > default=default_handler, arg=req, silent=hlist.silent) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", > line 1224, in _process_target > result = _execute_target(config, req, object, arg) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", > line 1123, in _execute_target > result = object(arg) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", > line 213, in handler > published = publish_object(req, object) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", > line 425, in publish_object > return publish_object(req,util.apply_fs_data(object, req.form, req=req)) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", > line 546, in apply_fs_data > return object(**args) > File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies > cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret') > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", > line 352, in get_cookies > return Class.parse(cookies, **kw) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", > line 254, in parse > c.unmarshal(secret) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", > line 282, in unmarshal > self.value = marshal.loads(base64.decodestring(self.value)) > File > "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", > line 44, in decodestring > return binascii.a2b_base64(s) > Error: Incorrect padding > The problem is that Cookie.get_cookies() makes assumption that all cookies > being sent by browser will be of the same derived type, or are a basic > cookie. If mixing derived types and they are not compatible as far as > unpacking goes, the code will fail. > For starters, there should be a new function called Cookie.get_cookie() where > you name the cookie and it only tries to decode that one cookie. This new > method should also be used in the Session class instead of using > Cookie.get_cookies(). -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.