Hello, I wonder why ZPublisher/HTTPResponse.py adds double quotes to cookie values when creating the Set-Cookie HTTP header (see function _cookie_list) ? Browsers (Firefox at least) seem to consider these quotes as part of the value which can be problematic. Recently I had to patch HTTPResponse.py to remove the quotes because I wanted to set a session cookie for PHP from Zope (if someone's interested I'll explain why ;-) and PHP would not understand the cookie with the double quotes... Should I submit a patch to the maintainers ? Oscar Figueiredo
Oscar Figueiredo wrote at 2005-6-13 19:38 +0200:
I wonder why ZPublisher/HTTPResponse.py adds double quotes to cookie values when creating the Set-Cookie HTTP header (see function _cookie_list) ? Browsers (Firefox at least) seem to consider these quotes as part of the value which can be problematic.
A cookie value must not contain some characters -- unless it is quoted. Therefore, Zope quotes the values (to avoid problems when you forgot to quote yourself). HTTP clients should not interprete the cookie value but handle it as an opaque item. This means a client should not have a problem with a quoted value.
... Should I submit a patch to the maintainers ?
I expect your acceptance chances as small... -- Dieter
participants (2)
-
Dieter Maurer -
Oscar Figueiredo