[mod_python] Cookie problems

Wouter van Marle wouter at squirrel-systems.com
Fri Jan 27 11:26:18 EST 2006


On Fri, 2006-01-27 at 10:34 -0500, Jim Gallacher wrote:

> Wouter van Marle wrote:
> > Hi All,
> > 
> > I'm fiddling around with cookies, and after wondering why I always lost
> > my settings information I did some testing, and ran into what seems a
> > very very strict limit in cookie length. The code here is based on the
> > examples of the web pages. From the documentation I find that there is
> > no strict limit on the size of the value in the cookies, the only limit
> > I found mentioned in the archives is a 4k http header limit from Apache.
> > I'd assume I'm way below that.
> > 
> > Test 1 works correctly.
> > 
> > Test 2, with a slightly larger data for the cookie, fails. It is for
> > some reason not recognised as a valid MarshalCookie! The value used in
> > this case (the rest of the code being identical):
> > value = {'egg': 32,
> >          'color': 'white',
> >          'foo': 'bar',
> >          'foobar': 5}
> > 
> > Here the code of Test 1 (maybe with some extra line breaks due to e-mail
> > formatting):
> > 
> > from mod_python import Cookie, apache
> > import time
> > 
> > def handler(req):
> > 
> >     req.content_type = "text/html; charset=utf-8"
> > 
> >     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie,
> >                                     secret='secret007')
> >     
> >     if cookies.has_key('spam'):
> >         spamcookie = cookies['spam']
> > 
> >         req.write('Great, a spam cookie was found: %s\n' \
> >                                       % str(spamcookie))
> >         if type(spamcookie) is Cookie.MarshalCookie:
> >             req.write('Here is what it looks like decoded: %s=%s\n'
> >                       % (spamcookie.name, spamcookie.value))
> >         else:
> >             req.write('WARNING: The cookie found is not a \
> >                        MarshalCookie, it may have been tapered with!')
> > 
> >     else:
> > 
> >         value = {'egg': 32,
> >                  'color': 'white',
> >                  'foo': 'bar'}
> >         
> >         Cookie.add_cookie(req, Cookie.MarshalCookie('spam', value, 'secret007'))
> >         req.write('Spam cookie not found, but we just set one!\n')
> > 
> >     return
> 
> 
> I tried your 2 test cases and they both work just fine. Are you saying 
> that test case 2 as shown above fails, or is the value for test case 2 
> actually much larger? How does it fail: Not a marshal cookie, or not found?


The output as given in the browser is the line 'WARNING: The cookie
found is not a MarshalCookie, it may have been tapered with!'.
Attempting to decode the cookie gives garbage.

I'm using Mozilla 1.7.6, Apache Server version:
Apache-AdvancedExtranetServer/2.0.53, mod_python 3.1.4.4mdk.

The problem appears to be the same on my debian server (I don't want to
use it for the above tests; but I found the problem with disappearing
and unreadable cookies there first). A related problem with the
(apparently too long) cookies is that both the path= and expires=
parameters are being ignored when setting the cookie.


> Using value = {'test': 'a' * size}, I found that Firefox was not setting 
> the cookie for size > 3029, and so was not sending it to the server on 
> subsequent requests.


Mmmm well I'm testing it with the variables as given above, that failed.
I just found that using {'a': 'a'*44} is the maximum I can get through.
Much smaller than on your side, very strange.

How to easily get the complete header length, by the way?

Wouter.


> The header was sent from the server
> however, so it looks like you face 2 possible limits: the max that
> apache will send and the max that a browser will receive. (A quick check
> with IE 6 reveals that it is most likely a browser limit. The cookie
> setting works for size > 3500. I didn't test beyond that, but I'm sure
> there must be some limit.) FYI for size = 3029 the header length =
> 4097, while size = 3030 gives a header length of 4101.
> 
> Perhaps you could expand a little on the exact failure you are seeing.
> 
> Jim
> 
> 
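
An added example, not code from this thread or from mod_python: it measures the name=value length of a signed, marshalled, base64-encoded cookie and flags line breaks inside the encoded value, which is one way to answer the header-length question above. The layout (32-hex-digit HMAC followed by base64 of marshal format version 2), the function names and the line-wrapping encoder option are assumptions, chosen because they reproduce the lengths and thresholds reported in the messages.

```python
import base64
import hashlib
import hmac
import marshal


def cookie_string(name, value, secret, wrap=False):
    """Build name=<hex HMAC><base64(marshal(value))> (assumed layout)."""
    # Marshal format version 2: each string costs 1 type byte + 4 length bytes.
    raw = marshal.dumps(value, 2)
    if wrap:
        # encodebytes breaks its output after every 76 characters
        # (57 input bytes); only the final newline is dropped here.
        payload = base64.encodebytes(raw).decode("ascii").rstrip("\n")
    else:
        payload = base64.b64encode(raw).decode("ascii")
    # HMAC-MD5 is used only to get a 32-hex-digit signature (assumption).
    mac = hmac.new(secret.encode(), name.encode(), hashlib.md5)
    mac.update(payload.encode())
    return "%s=%s%s" % (name, mac.hexdigest(), payload)


def measure(name, value, secret, wrap=False):
    """Report sizes and whether the value would split the header line."""
    cookie = cookie_string(name, value, secret, wrap)
    return {
        "marshal_bytes": len(marshal.dumps(value, 2)),
        "cookie_length": len(cookie),
        "line_break_in_value": "\n" in cookie or "\r" in cookie,
    }


if __name__ == "__main__":
    # Values taken from the messages above; everything else is constructed.
    test1 = {"egg": 32, "color": "white", "foo": "bar"}
    test2 = dict(test1, foobar=5)
    cases = [
        ("test 1, wrapping encoder", test1, True),
        ("test 2, wrapping encoder", test2, True),
        ("{'a': 'a'*44}, wrapping encoder", {"a": "a" * 44}, True),
        ("{'a': 'a'*45}, wrapping encoder", {"a": "a" * 45}, True),
        ("size 3029, single-line encoder", {"test": "a" * 3029}, False),
        ("size 3030, single-line encoder", {"test": "a" * 3030}, False),
    ]
    for label, value, wrap in cases:
        print(label, measure("spam", value, "secret007", wrap))
```

Under these assumptions Test 1 marshals to 51 bytes and Test 2 to 67, and {'a': 'a'*44} marshals to exactly 57, the largest input the wrapping encoder emits on one line. Whether mod_python 3.1.4 encodes the value this way is not established in the thread.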