Comments (11)
A better fix would be to use Cookie._unquote from stdlib.
unquoted_value = Cookie._unquote(value)
parts = val.split('|')
Original comment by [email protected]
on 25 Jan 2012 at 11:55
from webapp-improved.
Hi. Trying to understand this:
2. send a request with the session cookie in double quotes.
Could you please give a full example?
Original comment by rodrigo.moraes
on 25 Jan 2012 at 2:15
from webapp-improved.
Ok, I understand it now.
The Python SDK 1.6.1 ships with WebOb 0.9. Latest versions of WebOb unquote
cookies by default. Please use the latest version configuring it in app.yaml
and let me know if the problem still occurs:
http://code.google.com/appengine/docs/python/python27/using27.html#Configuring_Libraries
You must have WebOb installed in your system for this to work.
Original comment by rodrigo.moraes
on 25 Jan 2012 at 2:25
from webapp-improved.
I got this issue while writing unittests using Webtest
(http://pypi.python.org/pypi/WebTest). Investigating this issue I found this:
https://github.com/kennethreitz/requests/issues/286 . As far as I understood,
Firefox will not quote the cookie as the standard recommends... So the issue
only happened to me when I was using Webtest.
It is easy to reproduce: just call response.follow() (from
http://webtest.pythonpaste.org/en/latest/index.html#the-response-object). I can
give a try on writing a unittest later today if you wish...
Also I guess webapp2 is also wrong in that it never encodes the cookie, but I
guess all clients forgive that.
Original comment by [email protected]
on 25 Jan 2012 at 2:30
from webapp-improved.
ok. it works with latest webob.
I starred http://code.google.com/p/googleappengine/issues/detail?id=2788 :)
thanks for quick reply
Original comment by [email protected]
on 25 Jan 2012 at 2:43
from webapp-improved.
Thanks Rodrigo for spotting the library incompatibility.
This issue should be closed.
Original comment by [email protected]
on 25 Jan 2012 at 3:49
from webapp-improved.
Notice that latest WebOb is available in production in the Python 2.7 runtime
(through app.yaml configuration), it just doesn't ship with the SDK.
I still want to take a look if something can be done for people with old WebOb.
Original comment by rodrigo.moraes
on 25 Jan 2012 at 11:31
from webapp-improved.
Thanks for the input, guys. I'll close the issue and recommend that people use
the updated version. WebOb 0.9 is now 4 years old after all.
Original comment by rodrigo.moraes
on 31 Jan 2012 at 6:34
- Changed state: WontFix
from webapp-improved.
fair enough. I am actually monkey-patching webapp2 because using a different
webob on gae dev is a pain... some might find this useful:
# monkeypatch webapp2 to fix
# http://code.google.com/p/webapp-improved/issues/detail?id=41
# the problem was actually fixed on webob>0.9, keep this until appengine
# upgrades webob.
import Cookie

from webapp2_extras import securecookie

original_deserialize = securecookie.SecureCookieSerializer.deserialize


def patched_deserialize(self, name, value, max_age=None):
    # strip the surrounding double quotes before the signature is checked
    unquoted_value = Cookie._unquote(value)
    return original_deserialize(self, name, unquoted_value, max_age)


securecookie.SecureCookieSerializer.deserialize = patched_deserialize
# end monkey-patch webapp2
Original comment by [email protected]
on 31 Jan 2012 at 6:49
from webapp-improved.
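Added example, not part of the thread and not webapp2's own code: a simplified stand-in for a `value|timestamp|signature` signed cookie, showing why a double-quoted cookie fails verification when split on `|` and why unquoting before the split fixes it. The key, the HMAC-SHA256 choice, the function names and the sample timestamp are assumptions; `http.cookies._unquote` is the Python 3 location of Python 2's `Cookie._unquote`.

```python
import base64
import hashlib
import hmac
import json
from http.cookies import _unquote  # private stdlib helper, as in the thread

SECRET = b"constructed-demo-key"  # constructed value for this example only


def _sign(name, payload, timestamp):
    """HMAC over name|payload|timestamp (assumed layout for the demo)."""
    msg = "|".join([name, payload, timestamp]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def serialize(name, value, timestamp="1327500000"):
    """Return payload|timestamp|signature for a JSON-serializable value."""
    payload = base64.urlsafe_b64encode(json.dumps(value).encode()).decode()
    return "|".join([payload, timestamp, _sign(name, payload, timestamp)])


def deserialize(name, raw, unquote=False):
    """Verify and decode a cookie; return None on any mismatch."""
    if unquote:
        # Remove the cookie-level double quotes before touching the parts.
        raw = _unquote(raw)
    parts = raw.split("|")
    if len(parts) != 3:
        return None
    payload, timestamp, signature = parts
    # Without unquoting, payload starts with '"' and signature ends with '"',
    # so the recomputed HMAC can never match and the cookie is rejected.
    if not hmac.compare_digest(signature, _sign(name, payload, timestamp)):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


if __name__ == "__main__":
    cookie = serialize("session", {"user_id": 42})
    quoted = '"%s"' % cookie  # what a quoting client sends
    print("plain:", deserialize("session", cookie))
    print("quoted, no unquote:", deserialize("session", quoted))
    print("quoted, unquote first:", deserialize("session", quoted, unquote=True))
```

The quoted cookie fails closed (the session is dropped, not accepted), and unquoting happens before the signature check, so a tampered value is still rejected.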
This issue was closed by revision c19adda08036.
Original comment by rodrigo.moraes
on 31 Jan 2012 at 7:13
- Changed state: Fixed
from webapp-improved.
Next release will include your patch. This release should be part of the next
SDK.
Original comment by rodrigo.moraes
on 31 Jan 2012 at 7:14
from webapp-improved.