[Zope] Zope quotes cookie values...
Dieter Maurer
dieter at handshake.de
Tue Jun 14 13:17:45 EDT 2005
Oscar Figueiredo wrote at 2005-6-13 19:38 +0200:
>I wonder why ZPublisher/HTTPResponse.py adds double quotes to cookie values
>when creating the Set-Cookie HTTP header (see function _cookie_list) ?
>Browsers (Firefox at least) seem to consider these quotes as part of the value
>which can be problematic.
A cookie value must not contain some characters -- unless it is quoted.
Therefore, Zope quotes the values (to avoid problems when you forgot
to quote yourself).
HTTP clients should not interprete the cookie value but handle
it as an opaque item.
This means a client should not have a problem with a quoted value.
> ...
>Should I submit a patch to the maintainers ?
I expect your acceptance chances as small...
--
Dieter
More information about the Zope
mailing list