Hi Martijn and Jim

> -----Original Message-----
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of Martijn Pieters
> Sent: Monday, September 05, 2005 8:50 PM
> To: zope3-dev@zope.org
> Subject: [Zope3-dev] Re: z3 webserver bug?
> Roger Ineichen wrote:
> > Why does the z3 server parse this cookie and end in a
> > CookieError?
> > 
> > This happens useing ie 6.0 explorer.
> [..]
> >   File "C:\Python24\lib\Cookie.py", line 453, in set
> >     raise CookieError("Illegal key value: %s" % key)
> > CookieError: Illegal key value: Williams/OU
> Because the cookie key contains an illegal character. See 
> Cookie.py line
> 251 for the legal characters allowed in a cookie key; the / 
> is illegal;
> that is, the cookie RFC doesn't allow slashes in key values. Allowable
> characters are a-z, A-Z, 0-9 and any of the characters (without the
> quotes) in "!#$%&'*+-.^_`|~".

Ah, Ok I see. I didn't find information about this before. Now I 
found the relevant RFC at: http://www.faqs.org/rfcs/rfc2109.html. 

> (I misnamed the applicable lines in your bug report, sorry).
> As stated in collector item 450, I think Zope3 should log such cookie
> errors in the log and otherwise pretend the cookie was never sent.

Ok I agree with you and Jim's comment in the issue. 
The RFC 2109 describes this at 4.2.1 like:
A user agent returns a Cookie request header (see below) to the
origin server if it chooses to continue a session.  The origin server
may ignore it or use it to determine the current state of the session.

I guess in this case of a CookieError (because of wrong key/value) 
we should also log it and raise no eception. right?

Thanks a lot

Roger Ineichen

> Martijn Pieters

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to