New submission from Yuen Ho Wong <>:

This is a minor bug remotely related to issue 100.

According to the WSGI spec, all the strings in the environ should be byte strings. However, if some IIdentifier plugin returns a unicode login name for the identity dict, AuthTktCookie will automatically encode the value into UTF-8, and rewrite the `user_data` field of the auth_tkt to embed the type info.

This is doubly bad besides deviating from the spec. According to the mod_auth_tkt README, the user_data field has special meaning to the Apache module and should not be

IMHO the proper fix is to have the plugin look for a charset value that's in scope when something needs to be decoded/encoded.

messages: 274
nosy: wyuenho
priority: bug
status: unread
title: AuthTktCookie should not try to decode userid based on value types
topic: repoze.who

Repoze Bugs <>