|
Jim Gallacher
jpg at jgassociates.ca
Fri Jan 27 10:34:24 EST 2006
Wouter van Marle wrote:
> Hi All,
>
> I'm fiddling around with cookies, and after wondering why I always lost
> my settings information I did some testing, and ran into what seems a
> very very strict limit in cookie length. The code here is based on the
> examples of the web pages. From the documentation I find that there is
> no strict limit on the size of the value in the cookies, the only limit
> I found mentioned in the archives is a 4k http header limit from Apache.
> I'd assume I'm way below that.
>
> Test 1 works correctly.
>
> Test 2, with a slightly larger data for the cookie, fails. It is for
> some reason not recognised as a valid MarshalCookie! The value used in
> this case (the rest of the code being identical):
> value = {'egg': 32,
> 'color': 'white',
> 'foo': 'bar',
> 'foobar': 5}
>
> Here the code of Test 1 (maybe with some extra line breaks due to e-mail
> formatting):
>
> from mod_python import Cookie, apache
> import time
>
> def handler(req):
>
> req.content_type = "text/html; charset=utf-8"
>
> cookies = Cookie.get_cookies(req, Cookie.MarshalCookie,
> secret='secret007')
>
> if cookies.has_key('spam'):
> spamcookie = cookies['spam']
>
> req.write('Great, a spam cookie was found: %s\n' \
> % str(spamcookie))
> if type(spamcookie) is Cookie.MarshalCookie:
> req.write('Here is what it looks like decoded: %s=%s\n'
> % (spamcookie.name, spamcookie.value))
> else:
> req.write('WARNING: The cookie found is not a \
> MarshalCookie, it may have been tapered with!')
>
> else:
>
> value = {'egg': 32,
> 'color': 'white',
> 'foo': 'bar'}
>
> Cookie.add_cookie(req, Cookie.MarshalCookie('spam', value, 'secret007'))
> req.write('Spam cookie not found, but we just set one!\n')
>
> return
I tried your 2 test cases and they both work just fine. Are you saying
that test case 2 as shown above fails, or is the value for test case 2
actually much larger? How does it fail: Not a marshal cookie, or not found?
Using value = {'test': 'a' * size}, I found that Firefox was not setting
the cookie for size > 3029, and so was not sending it to the server on
subsequent requests. The header was sent however from the server
however, so it looks like you face 2 possible limits: the max that
apache will send and the max that a browser will receive. (A quick check
with IE 6 reveals that it is most likely a browser limit. The cookie
setting works for size > 3500. I didn't test beyond that, but I'm sure
there must be some limit'). FYI for size = 3029 the header length =
4097, while size = 3030 gives a header length of 4101.
Perhaps you could expand a little on the exact failure you are seeing.
Jim
|