[mod_python] Cookie problems

Jim Gallacher jpg at jgassociates.ca
Fri Jan 27 10:34:24 EST 2006

Wouter van Marle wrote:
> Hi All,
> I'm fiddling around with cookies, and after wondering why I always lost
> my settings information I did some testing, and ran into what seems a
> very very strict limit in cookie length. The code here is based on the
> examples of the web pages. From the documentation I find that there is
> no strict limit on the size of the value in the cookies, the only limit
> I found mentioned in the archives is a 4k http header limit from Apache.
> I'd assume I'm way below that.
> Test 1 works correctly.
> Test 2, with a slightly larger data for the cookie, fails. It is for
> some reason not recognised as a valid MarshalCookie! The value used in
> this case (the rest of the code being identical):
> value = {'egg': 32,
>          'color': 'white',
>          'foo': 'bar',
>          'foobar': 5}
> Here the code of Test 1 (maybe with some extra line breaks due to e-mail
> formatting):
> from mod_python import Cookie, apache
> import time
> def handler(req):
>     req.content_type = "text/html; charset=utf-8"
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie,
>                                     secret='secret007')
>     if cookies.has_key('spam'):
>         spamcookie = cookies['spam']
>         req.write('Great, a spam cookie was found: %s\n' \
>                                       % str(spamcookie))
>         if type(spamcookie) is Cookie.MarshalCookie:
>             req.write('Here is what it looks like decoded: %s=%s\n'
>                       % (spamcookie.name, spamcookie.value))
>         else:
>             req.write('WARNING: The cookie found is not a \
>                        MarshalCookie, it may have been tapered with!')
>     else:
>         value = {'egg': 32,
>                  'color': 'white',
>                  'foo': 'bar'}
>         Cookie.add_cookie(req, Cookie.MarshalCookie('spam', value, 'secret007'))
>         req.write('Spam cookie not found, but we just set one!\n')
>     return

I tried your 2 test cases and they both work just fine. Are you saying 
that test case 2 as shown above fails, or is the value for test case 2 
actually much larger? How does it fail: Not a marshal cookie, or not found?

Using value = {'test': 'a' * size}, I found that Firefox was not setting 
the cookie for size > 3029, and so was not sending it to the server on 
subsequent requests. The header was sent however from the server 
however, so it looks like you face 2 possible limits: the max that 
apache will send and the max that a browser will receive. (A quick check 
  with IE 6 reveals that it is most likely a browser limit. The cookie 
setting works for size > 3500. I didn't test beyond that, but I'm sure 
there must be some limit'). FYI for size = 3029 the header length = 
4097, while size = 3030 gives a header length of 4101.

Perhaps you could expand a little on the exact failure you are seeing.


More information about the Mod_python mailing list