Hi Martijn and Jim > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Martijn Pieters > Sent: Monday, September 05, 2005 8:50 PM > To: zope3-dev@zope.org > Subject: [Zope3-dev] Re: z3 webserver bug? > > Roger Ineichen wrote: > > Why does the z3 server parse this cookie and end in a > > CookieError? > > > > This happens useing ie 6.0 explorer. > > [..] > > > File "C:\Python24\lib\Cookie.py", line 453, in set > > raise CookieError("Illegal key value: %s" % key) > > CookieError: Illegal key value: Williams/OU > > Because the cookie key contains an illegal character. See > Cookie.py line > 251 for the legal characters allowed in a cookie key; the / > is illegal; > that is, the cookie RFC doesn't allow slashes in key values. Allowable > characters are a-z, A-Z, 0-9 and any of the characters (without the > quotes) in "!#$%&'*+-.^_`|~".
Ah, Ok I see. I didn't find information about this before. Now I found the relevant RFC at: http://www.faqs.org/rfcs/rfc2109.html. > (I misnamed the applicable lines in your bug report, sorry). > > As stated in collector item 450, I think Zope3 should log such cookie > errors in the log and otherwise pretend the cookie was never sent. Ok I agree with you and Jim's comment in the issue. The RFC 2109 describes this at 4.2.1 like: ------------------------------------------ A user agent returns a Cookie request header (see below) to the origin server if it chooses to continue a session. The origin server may ignore it or use it to determine the current state of the session. ------------------------------------------ I guess in this case of a CookieError (because of wrong key/value) we should also log it and raise no eception. right? Thanks a lot Roger Ineichen _____________________________ END OF MESSAGE > Martijn Pieters _______________________________________________ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
