[drakma-devel] Re: Parsing quoted cookie values (bug?)

Edi Weitz edi at agharta.de
Mon Mar 17 23:24:19 UTC 2008

On Mon, 17 Mar 2008 18:04:18 -0500, Victor Kryukov <victor.kryukov at gmail.com> wrote:

> I understand why you may want to be less strict about following the
> standard and allow some deviations from it, but current DRAKMA
> behaviour is broken for the sites that _do follow the standard_,
> which I think is not acceptable, as least not as a default
> behaviour.


> I'd be happy to provide a patch once I better understand what are
> the "compatibility" requirements. Could you please point me in the
> right direction?

I wanted to provide some examples this morning already, but
unfortunately, I can't come up with any right now.  I /do/ know that
at one time I tested a lot of "real-life" cookies with Drakma, though,
and quite a few weren't RFC-compliant.

> Do you mean old-style Netscape cookies[1]?

Allowing old-style Netscape cookies - at least optionally - would be a
good idea, yes.

> Also, there are mutliple strategies to fix that. One is to follow
> RFC2109 by default, but allow for Netscape-style cookies after
> setting a certain parameter (I'd prefer this one). Another is to try
> to follow RFC 2109, but then rollback to Netscape-style cookies if
> parsing error occurs. There are probably other possible approaches.
> Which one would you prefer?

The ideal solution, I think, would be a combination of the first two
strategies you mentioned.  Follow RFC2109 by default, but provide one
or more sensible restarts in case a parsing error occurs.
Additionally, have some parameter (probably a global special variable)
which if set automatically invokes the "use old Netscape-style"

Does that sound reasonable?

More information about the Drakma-devel mailing list