[zope2-tracker] [Bug 563229] Re: json cookies break cookie parsing

Tres Seaver tseaver at palladion.com
Fri Apr 16 10:02:12 EDT 2010


RFC 2965[1] governs HTTP cookies, and mandates that the 'value' side of
a cookie av-pair be one of either 'token' (sequence of non-whitespace,
non-separators), or 'quoted-string' (double quotes around a sequence of
anything *except* non-escaped double quotes), both as specified in RFC
2616[2].

So, whatever code you have which is generating such a cookie without
escaping the quotes with backslashes is in violation of the spec.  The
'HTTPResponse.setCookie' method should probably be doing the escaping,
as well as wrapping any non-token values in double quotes, and
'parse_cookie' should handle the unescaping and stripping of quotes.

 [1] http://tools.ietf.org/html/rfc2965
 [2] http://tools.ietf.org/html/rfc2616

I will apply the patch anyway, as it doesn't break other tests, or
introduce any new complexity to 'parse_cookie'.

-- 
json cookies break cookie parsing
https://bugs.launchpad.net/bugs/563229
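The quoting rules described in the message above, sketched as an added example; this is not part of the original message and is not Zope's `HTTPResponse.setCookie` or `parse_cookie` code. The function names are hypothetical, the JSON payload is constructed, and rejecting control characters outright is an assumption made here to keep CR/LF out of the header.

```python
import json
import re

# RFC 2616 section 2.2: token = 1*<any CHAR except CTLs or separators>
_TOKEN = re.compile(r"[!#$%&'*+\-.0-9A-Z^_`a-z|~]+")
_CTL = re.compile(r"[\x00-\x1f\x7f]")
# One NAME=VALUE pair; VALUE is a quoted-string (with quoted-pairs) or a bare run.
_PAIR = re.compile(
    r'\s*([^=;,\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;,]*)\s*(?:[;,]|$)')


def quote_value(value):
    """Return value unchanged if it is a token, else as an escaped quoted-string."""
    if _CTL.search(value):
        # Assumption of this sketch: refuse CTLs so CR/LF cannot split the header.
        raise ValueError("control characters are not allowed in a cookie value")
    if _TOKEN.fullmatch(value):
        return value
    # Escape backslashes first, then double quotes, then wrap in quotes.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def unquote_value(raw):
    """Inverse of quote_value: strip the quotes and resolve quoted-pairs."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_cookie_header(header):
    """Parse a Cookie header into a dict; separators inside quotes are kept."""
    return {m.group(1): unquote_value(m.group(2).strip())
            for m in _PAIR.finditer(header)}


def demo():
    """Round-trip a constructed JSON value next to a plain token value."""
    payload = json.dumps({"a": 1, "b": "x;y"})  # constructed sample value
    header = "prefs=%s; sid=%s" % (quote_value(payload), quote_value("abc123"))
    return header, parse_cookie_header(header)


if __name__ == "__main__":
    print(demo())
```

The `;` and `,` inside the JSON value survive because the parser consumes a complete quoted-string before it looks for the next separator.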