Nicolas Lehuen
nicolas.lehuen at gmail.com
Fri Jan 14 02:03:56 EST 2005
On Thu, 13 Jan 2005 15:56:56 -0500, Joe Schaefer <joe+gmane at sunstarsys.com> wrote: > Nicolas Lehuen <nicolas.lehuen at gmail.com> > writes: > > [...] > > > Cookie: test1=2;$Path=/;$Version=1;test2=3;$Path=/foo;$Version=2 > > ==> two Cookies : > > - one with key=='test1', value=='2', version=='1' and path=='/' > > - one with key=='test2', value=='3', version=='2' and path=='/foo' > > Apologies for delurking ourside my normal domain, but the above > test doesn't make much sense to me. AIUI, $Version is supposed to > describe the protocol (headers), not the individual cookies. > Here's the 2109 BNF: > > cookie = "Cookie:" cookie-version > 1*((";" | ",") cookie-value) Yeah, the test doesn't makes sense, it was just to check the algorithm and the fact that you could define multiple attributes for the same cookie. I should have used $domain instead : Cookie: test1=2;$Path=/;$Domain=foo.com;test2=3;$Path=/foo;$Domain=bar.foo.com ==> two Cookies : - one with key=='test1', value=='2', domain=='foo.com' and path=='/' - one with key=='test2', value=='3', domain=='bar.foo.com' and path=='/foo' You've got a point here : both the new and old _parse_cookie function do not follow the BNF definition : cookie = "Cookie:" cookie-version 1*((";" | ",") cookie-value) cookie-value = NAME "=" VALUE [";" path] [";" domain] cookie-version = "$Version" "=" value NAME = attr VALUE = value path = "$Path" "=" value domain = "$Domain" "=" value Looking from this definition, only $Path and $Domain attributes are allowed. mod_python accepts more attributes. The question is, should we be liberal in what we accept (and strict in what we produce, of course) ? I think so. > There's no universally-accepted way to mix Netscape cookies > with the RFC-based ($Version=1) cookies within the same HTTP > request. At some point the IETF tried to produce an errata > document to address this, but IIRC failed to achieve consensus > on a resolution. That's another reason to be as liberal as we can without breaking anything. Regards, Nicolas
|