[mod_python] Can i have both Marshal and Signed CookieswithPublisher?

Clodoaldo Pinto Neto clodoaldo.pinto at gmail.com
Sun Oct 29 18:24:31 EST 2006


2006/10/29, Graham Dumpleton <grahamd at dscpl.com.au>:
> I have created a JIRA issue for this at:
>
>   http://issues.apache.org/jira/browse/MODPYTHON-200
>
> At the moment I have made changes (not committed), that would allow
> one to do:
>
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret', names=['marshal'])
>
> That is, when using Cookie.get_cookies(), one can optionally provide a
> keyword argument called 'names' which is a set/list of cookie names
> to decode.

IMHO, the least surprise behavior is if Cookie.get_cookies() returned
all cookies of the given class regardless of how many different cookie
classes there are in the header.

Why isn't the except clause catching the exception? What exception is
being raised?:

    def parse(Class, s, secret):

        dict = _parse_cookie(s, Class)

        for k in dict:
            c = dict[k]
            try:
                c.unmarshal(secret)
            except (CookieError, ValueError):
                # downgrade to Cookie
                dict[k] = Cookie.parse(Cookie.__str__(c))[k]

        return dict

What is the point in downgrading the cookie? If it is tampered or
corrupted then why not just discard it?

Regards, Clodoaldo Pinto Neto


More information about the Mod_python mailing list