[mod_python] Re: Cookie patch

Joe Schaefer joe+gmane at sunstarsys.com
Fri Jan 14 09:06:45 EST 2005

Nicolas Lehuen <nicolas.lehuen at gmail.com>


> Looking from this definition,  only $Path and $Domain attributes are
> allowed. mod_python accepts more attributes. The question is, should
> we be liberal in what we accept (and strict  in what we produce, of
> course) ? I think so.

+1.  RFC 2965 (which supercedes 2109) defines a few additional attributes.

>> There's no universally-accepted way to mix Netscape cookies
>> with the RFC-based ($Version=1) cookies within the same HTTP
>> request.  At some point the IETF tried to produce an errata
>> document to address this, but IIRC failed to achieve consensus
>> on a resolution.
> That's another reason to be as liberal as we can without breaking
> anything. 

True enough.  There are also a few security-related comments
in the specs that you might want to factor in, but simply doing 
what other implementations do (jetty, or zope perhaps) is a good 
plan. Though as you might guess, I'd still like to see apreq become
useable by mod_python hackers someday ;-).

Joe Schaefer

More information about the Mod_python mailing list