[drakma-devel] Re: Parsing quoted cookie values (bug?)
victor.kryukov at gmail.com
Mon Mar 17 23:04:18 UTC 2008
Edi Weitz <edi at agharta.de> writes:
> On Sat, 15 Mar 2008 22:59:09 -0500, Victor Kryukov <victor.kryukov at gmail.com> wrote:
>> According to RFC2965
> Unfortunately, it has been my experience that you can't rely on RFCs
> when parsing cookies as there are too many deviations out there.
First of all, let me correct myself: not only RFC 2965 (which is a new
standard), but also RFC 2109 (which is the old standard for cookies
that seem to be widespreadly used) requires cookie values to be either
terms or quoted strings.
I understand why you may want to be less strict about following the
standard and allow some deviations from it, but current DRAKMA
behaviour is broken for the sites that _do follow the standard_, which
I think is not acceptable, as least not as a default behaviour.
As a reference point, I've checked that python >= 2.4 follows RFC 2109
more or less (you can check lib/Cookie.py, _CookiePattern is their
regexp for parsing name/value pairs), and Perl also parses quoted
cookie values without any problems (I've used WWW::Mechanize which in
turn uses HTTP::Cookie for cookie handling).
> Having said that, I'd be happy to accept a patch which fixed this
> particular issue without breaking "compatibility" with other
> widespread ways of setting cookies.
I'd be happy to provide a patch once I better understand what are the
"compatibility" requirements. Could you please point me in the right
direction? Do you mean old-style Netscape cookies?
Also, there are mutliple strategies to fix that. One is to follow
RFC2109 by default, but allow for Netscape-style cookies after setting
a certain parameter (I'd prefer this one). Another is to try to follow
RFC 2109, but then rollback to Netscape-style cookies if parsing error
occurs. There are probably other possible approaches. Which one would
More information about the Drakma-devel