[Zope3-dev] Re: z3 webserver bug?
Roger Ineichen
dev at projekt01.ch
Mon Sep 5 18:11:11 EDT 2005
Hi Martijn and Jim
> -----Original Message-----
> From: zope3-dev-bounces+dev=projekt01.ch at zope.org
> [mailto:zope3-dev-bounces+dev=projekt01.ch at zope.org] On
> Behalf Of Martijn Pieters
> Sent: Monday, September 05, 2005 8:50 PM
> To: zope3-dev at zope.org
> Subject: [Zope3-dev] Re: z3 webserver bug?
>
> Roger Ineichen wrote:
> > Why does the z3 server parse this cookie and end in a
> > CookieError?
> >
> > This happens useing ie 6.0 explorer.
>
> [..]
>
> > File "C:\Python24\lib\Cookie.py", line 453, in set
> > raise CookieError("Illegal key value: %s" % key)
> > CookieError: Illegal key value: Williams/OU
>
> Because the cookie key contains an illegal character. See
> Cookie.py line
> 251 for the legal characters allowed in a cookie key; the /
> is illegal;
> that is, the cookie RFC doesn't allow slashes in key values. Allowable
> characters are a-z, A-Z, 0-9 and any of the characters (without the
> quotes) in "!#$%&'*+-.^_`|~".
Ah, Ok I see. I didn't find information about this before. Now I
found the relevant RFC at: http://www.faqs.org/rfcs/rfc2109.html.
> (I misnamed the applicable lines in your bug report, sorry).
>
> As stated in collector item 450, I think Zope3 should log such cookie
> errors in the log and otherwise pretend the cookie was never sent.
Ok I agree with you and Jim's comment in the issue.
The RFC 2109 describes this at 4.2.1 like:
------------------------------------------
A user agent returns a Cookie request header (see below) to the
origin server if it chooses to continue a session. The origin server
may ignore it or use it to determine the current state of the session.
------------------------------------------
I guess in this case of a CookieError (because of wrong key/value)
we should also log it and raise no eception. right?
Thanks a lot
Roger Ineichen
_____________________________
END OF MESSAGE
> Martijn Pieters
More information about the Zope3-dev
mailing list