Jim Gallacher
jpg at jgassociates.ca
Fri Jan 27 12:09:47 EST 2006
Wouter van Marle wrote:
> On Fri, 2006-01-27 at 10:34 -0500, Jim Gallacher wrote:
>
>>Wouter van Marle wrote:
>>
>>>Hi All,
>>>
>>>I'm fiddling around with cookies, and after wondering why I always lost
>>>my settings information I did some testing, and ran into what seems a
>>>very very strict limit in cookie length. The code here is based on the
>>>examples of the web pages. From the documentation I find that there is
>>>no strict limit on the size of the value in the cookies, the only limit
>>>I found mentioned in the archives is a 4k http header limit from Apache.
>>>I'd assume I'm way below that.
>>>
>>>Test 1 works correctly.
>>>
>>>Test 2, with a slightly larger data for the cookie, fails. It is for
>>>some reason not recognised as a valid MarshalCookie! The value used in
>>>this case (the rest of the code being identical):
>>>value = {'egg': 32,
>>>         'color': 'white',
>>>         'foo': 'bar',
>>>         'foobar': 5}
>>>
>>>Here the code of Test 1 (maybe with some extra line breaks due to e-mail
>>>formatting):
>>>
>>>from mod_python import Cookie, apache
>>>import time
>>>
>>>def handler(req):
>>>
>>>    req.content_type = "text/html; charset=utf-8"
>>>
>>>    cookies = Cookie.get_cookies(req, Cookie.MarshalCookie,
>>>                                 secret='secret007')
>>>
>>>    if cookies.has_key('spam'):
>>>        spamcookie = cookies['spam']
>>>
>>>        req.write('Great, a spam cookie was found: %s\n' \
>>>                  % str(spamcookie))
>>>        if type(spamcookie) is Cookie.MarshalCookie:
>>>            req.write('Here is what it looks like decoded: %s=%s\n'
>>>                      % (spamcookie.name, spamcookie.value))
>>>        else:
>>>            req.write('WARNING: The cookie found is not a \
>>>                       MarshalCookie, it may have been tapered with!')
>>>
>>>    else:
>>>
>>>        value = {'egg': 32,
>>>                 'color': 'white',
>>>                 'foo': 'bar'}
>>>
>>>        Cookie.add_cookie(req, Cookie.MarshalCookie('spam', value, 'secret007'))
>>>        req.write('Spam cookie not found, but we just set one!\n')
>>>
>>>    return
>>
>>
>>I tried your 2 test cases and they both work just fine. Are you saying
>>that test case 2 as shown above fails, or is the value for test case 2
>>actually much larger? How does it fail: Not a marshal cookie, or not found?
>
>
> The output as given in the browser is the line 'WARNING: The cookie
> found is not a MarshalCookie, it may have been tapered with!' .
> Attempting to decode the cookie gives garbage.

This certainly suggests that the output header is getting truncated. The
browser is not returning the complete cookie.

> I'm using Mozilla 1.7.6, Apache Server version:
> Apache-AdvancedExtranetServer/2.0.53, mod_python 3.1.4.4mdk.
>
> The problem appears to be the same on my debian server (I don't want to
> use it for the above tests; but I found the problem with disappearing
> and unreadable cookies there first). A related problem with the
> (apparently too long) cookies is that both the path= and expires=
> parameters are being ignored when setting the cookie.

They are on the Set-Cookie header line following the cookie value, so if
the header is getting trimmed somewhere it's not a surprise that they are
messed up or missing as well.

>
>>Using value = {'test': 'a' * size}, I found that Firefox was not setting
>>the cookie for size > 3029, and so was not sending it to the server on
>>subsequent requests.
>
>
> Mmmm well I'm testing it with the variables as given above, that failed.
> I just found that using {'a': 'a'*44} is the maximum I can get through.
> Much smaller than on your side, very strange.

Very strange indeed. There is nothing in Cookie.py that would truncate
the value that is used for the Set-Cookie header so I don't see how that
could be a problem. What happens if you try setting some other response
header such as content_type with a long value? You can use
httpLiveHeaders or wget to see what the server sends.

> How to easily get the complete header length, by the way?
>

wget -S http://localhost/cookietest.py 2>&1 | grep Set-Cookie | cut -f 2 -d ":" |tr -d " " |wc

Jim

> Wouter.
>
>
>> The header was sent however from the server
>>however, so it looks like you face 2 possible limits: the max that
>>apache will send and the max that a browser will receive. (A quick check
>> with IE 6 reveals that it is most likely a browser limit. The cookie
>>setting works for size > 3500. I didn't test beyond that, but I'm sure
>>there must be some limit'). FYI for size = 3029 the header length =
>>4097, while size = 3030 gives a header length of 4101.
>>
>>Perhaps you could expand a little on the exact failure you are seeing.
>>
>>Jim
>>
>>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
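Added example (not part of the original message, and not mod_python's own code): a Python 3 sketch of the failure discussed in this thread, where a signed cookie that is cut short no longer verifies, plus a size check to run before sending it. The cookie layout (32-character hex HMAC-MD5 followed by base64 of the marshal data), the function names and the 4096-byte limit are assumptions made for this sketch; with that layout the lengths for Jim's test values come out to the 4097 and 4101 quoted above.

```python
import base64
import hashlib
import hmac
import marshal

LIMIT = 4096  # assumed budget for name + value + attributes of one cookie


def _sign(name, data, secret):
    # Hex HMAC over cookie name and encoded data (assumed scheme, 32 characters).
    return hmac.new(secret, (name + data).encode("ascii"), hashlib.md5).hexdigest()


def make_cookie(name, value, secret):
    """Return 'name=<hex signature><base64 of marshalled value>'."""
    # Marshal format version 2: no back-references, 4-byte string lengths.
    data = base64.b64encode(marshal.dumps(value, 2)).decode("ascii")
    return "%s=%s%s" % (name, _sign(name, data, secret), data)


def check_cookie(cookie, secret):
    """Return the decoded value, or None when the signature does not verify."""
    name, _, body = cookie.partition("=")
    sig, data = body[:32], body[32:]
    try:
        expected = _sign(name, data, secret)
        ok = hmac.compare_digest(sig.encode("ascii"), expected.encode("ascii"))
    except UnicodeEncodeError:
        ok = False
    if not ok:
        return None  # truncated or modified: never unmarshal unverified bytes
    return marshal.loads(base64.b64decode(data))


def set_cookie_line(name, value, secret, attrs="; path=/"):
    """Build the Set-Cookie value, refusing one a client may drop or cut."""
    line = make_cookie(name, value, secret) + attrs
    if len(line) > LIMIT:
        raise ValueError("cookie is %d bytes, limit is %d" % (len(line), LIMIT))
    return line


if __name__ == "__main__":
    secret = b"secret007"
    for size in (44, 3029, 3030):
        cookie = make_cookie("spam", {"test": "a" * size}, secret)
        cut = cookie[:LIMIT]  # what a client that truncates would send back
        print(size, len(cookie), check_cookie(cut, secret) is not None)
```

Because the attributes follow the value on the same header line, the check counts them too, so an oversized value is rejected on the server instead of silently costing the path= and expires= settings.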