|
Daniel Nogradi
nogradi at gmail.com
Sat Jun 24 04:39:46 EDT 2006
> > I'm slightly confused about the return type of the parse method of
> > SignedCookie and the way one should check if the cookie was signed
> > correctly. Cookie.py defines the parse method as
> >
> > class SignedCookie(Cookie):
> > ....
> > def parse(Class, s, secret):
> >
> > dict = _parse_cookie(s, Class)
> > ....
> > return dict
> >
> > and the function _parse_cookie is defined something like
> >
> > def _parse_cookie(str, Class):
> > ....
> > result = {}
> > ....
> > return result
> >
> > so it seems to me that the return type of the parse method of
> > SignedCookie is dict so I don't really know what to make of the docs
> > saying
> >
> > Note: Always check the types of objects returned by
> > SignedCookie.parse().If it is an instance
> > of Cookie (as opposed to SignedCookie), the signature verification has
> > failed:
> >
> > # assume spam is supposed to be a signed cookie
> > if type(spam) is not Cookie.SignedCookie:
> > # do something that indicates cookie isn't signed correctly
> >
> > Isn't the return type always dict and never Cookie.SignedCookie? Or am
> > I misunderstanding something somewhere?
>
> The documentation for SignedCookie.parse is a little misleading (or
> maybe it's just completely wrong). Take a look at the description for
> Cookie.parse() which is a little clearer:
>
> """
> parse(string)
>
> This method returns a dictionary of Cookie instances, not a single
> Cookie instance.
>
> Here is an example of getting a single Cookie instance:
>
> mycookies = Cookie.parse("spam=eggs; expires=Sat, 14-Jun-2003 02:42:36 GMT")
> spamcookie = mycookies["spam"]
> """
>
> So for SignedCookie, you would test spamcookie rather that mycookies.
Thanks a lot Jim, in this way it makes perfect sense.
Daniel
|