sessions: unable to handle cookie in quotes about webapp-improved HOT 11 CLOSED

A better fix would be to use Cookie._unquote from stdlib. 

unquoted_value = Cookie._unquote(value)
parts = val.split('|')

Hi. Trying to understand this:

2. send a request with the session cookie in double quotes.

Could you please give a full example?

Ok, I understand it now.

The Python SDK 1.6.1 ships with WebOb 0.9. Latest versions of WebOb unquote 
cookies by default. Please use the latest version configuring it in app.yaml 
and let me know if the problem still occurs:

http://code.google.com/appengine/docs/python/python27/using27.html#Configuring_L
ibraries

You must have WebOb installed in your system for this to work.

I got this issue while writing unittests using Webtest 
(http://pypi.python.org/pypi/WebTest). Investigating this issue I found this: 
https://github.com/kennethreitz/requests/issues/286 . As far as I understood 
firefox will not quote the cookie as the standard recommends... So the issue 
only happened to me when I was using Webtest. 

It is easy to reproduce just call response.follow() (from 
http://webtest.pythonpaste.org/en/latest/index.html#the-response-object). I can 
give a try on writing a unittest later today if you wish...

Also I guess webapp2 is also wrong in that it nevers encode the cookie, but i 
guess all clients forgive that.

ok. it works with latest webob. 
I stared http://code.google.com/p/googleappengine/issues/detail?id=2788 :)
thanks for quick reply

Thanks Rodrio for spotting the library incompatibility.
This issue should be closed.

Notice that latest WebOb is available in production in the Python 2.7 runtime 
(through app.yaml configuration), it just doesn't ship with the SDK.

I still want to take a look if something can be done for people with old WebOb.

Thanks for the input, guys. I'll close the issue and recommend people to use 
updated version. WebOb 0.9 is now 4 years old after all.

fair enough. I am actually monkey-patching webapp2 because using a different 
webob on gae dev is a pain... some might find this useful:

# monkeypatch webapp2 to fix
# http://code.google.com/p/webapp-improved/issues/detail?id=41
# the problem was actually fixed on webob>0.9, keep this until appengine
# upgrades webob.
from webapp2_extras import securecookie
original_deserialize = securecookie.SecureCookieSerializer.deserialize
import Cookie
def patched_deserialize(self, name, value, max_age=None):
    unquoted_value = Cookie._unquote(value)
    return original_deserialize(self, name, unquoted_value, max_age)
securecookie.SecureCookieSerializer.deserialize = patched_deserialize
# end monkey-patch webapp2

This issue was closed by revision c19adda08036.

Next release will include your patch. This release should be part of the next 
SDK.