Issue 3924: cookielib chokes on non-integer cookie version, should ignore it instead

Created on 2008-09-21 18:30 by DenNukem, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (8)

msg73518 - (view)

Author: Denis (DenNukem)

Date: 2008-09-21 18:30

PROBLEM:

Some sites (e.g. https://itunesconnect.apple.com) sends cookies where version is "1" instead of 1. Cookielib chokes on it so none of the cookies work after that.

PROBLEM CODE: def _cookie_from_cookie_tuple(self, tup, request): ... name, value, standard, rest = tup ... version = standard.get("version", None) if version is not None: version = int(version) << CRASH HERE!!!

WORKAROUND:

use my own cookie jar, e.g.:

class MyCookieJar(CookieJar): def _cookie_from_cookie_tuple(self, tup, request): name, value, standard, rest = tup standard["version"]= None CookieJar._cookie_from_cookie_tuple(self, tup, request)

REAL FIX: do not assume that version is int, keep it as string if it does not parse as int:

CRASH STACK:

/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/cookielib.py:1577: UserWarning: cookielib bug! Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/cookielib.py", line 1575, in make_cookies parse_ns_headers(ns_hdrs), request) File "/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/cookielib.py", line 1532, in _cookies_from_attrs_set cookie = self._cookie_from_cookie_tuple(tup, request) File "/Users/denis/Documents/svn2/tson/main/sales/src/download_sales.py", line 28, in _cookie_from_cookie_tuple CookieJar._cookie_from_cookie_tuple(self, tup, request) File "/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/cookielib.py", line 1451, in _cookie_from_cookie_tuple if version is not None: version = int(version) ValueError: invalid literal for int() with base 10: '"1"'

_warn_unhandled_exception()

msg74825 - (view)

Author: John J Lee (jjlee)

Date: 2008-10-15 23:10

The sensible fix for this is to strip the quotes off, defaulting to version 0 on failure to parse the version cookie-attribute. It's not necessary to retain the original version string.

By the way, what you posted warning rather than a strictly unhandled exception or "crash" -- it's a bug, but won't cause the program to stop. And by "none of the cookies work after that", you mean that no cookies in headers containing the quoted version cookie-attribute are accepted by the cookiejar.

FWIW, this bug only affects RFC 2109 cookies, not RFC 2965 cookies.

msg75213 - (view)

Author: John J Lee (jjlee)

Date: 2008-10-25 16:50

Patch with tests attached. The patch is slightly different to my first suggestion: in the patch, invalid version values cause the cookie to be ignored (but double quotes around valid versions are fine).

msg75214 - (view)

Author: John J Lee (jjlee)

Date: 2008-10-25 16:58

The bug is present on trunk and on the py3k branch, so I've selected versions "Python 2.7" and "Python 3.0"

This is a straightforward bug, so I selected 2.5.3 and 2.6 also, to indicate this is a candidate for backport.

msg77493 - (view)

Author: Martin v. Löwis (loewis) * (Python committer)

Date: 2008-12-10 08:29

As the patch hasn't been applied to the trunk yet, I'm rejecting it for 2.5.3.

msg83013 - (view)

Author: Henrik Olsson (henriko)

Date: 2009-03-02 12:11

The cookiejar workaround in the first comment did not work for me. The cookies didn't stick in it. I guess version needs to be set.. this worked for me:

class ForgivingCookieJar(cookielib.CookieJar): def _cookie_from_cookie_tuple(self, tup, request): name, value, standard, rest = tup version = standard.get("version", None) if version is not None: # Some servers add " around the version number, this module expects a pure int. standard["version"] = version.strip('"') return cookielib.CookieJar._cookie_from_cookie_tuple(self, tup, request)

msg85790 - (view)

Author: Andy Sk (andysk)

Date: 2009-04-09 03:12

Thank you Henrik. The workaround in the first comment caused some cookies to be handled incorrectly due to ignoring version on all cookies, but your workaround is nice.

It seems that the patch jjlee supplied should really be applied, however, to save others from having this problem.

msg106298 - (view)

Author: Georg Brandl (georg.brandl) * (Python committer)

Date: 2010-05-22 11:33

Thanks for the patch! Applied in r81465 f. Merged to 2.x in r81467, will merge to 3k later.

History

Date

User

Action

Args

2022-04-11 14:56:39

admin

set

github: 48174

2010-07-12 20:31:34

eric.araujo

link

issue8975 superseder

2010-05-22 11:33:38

georg.brandl

set

status: open -> closed

nosy: + georg.brandl
messages: +

resolution: fixed

2009-11-24 18:07:07

asuiu

set

versions: + Python 3.1

2009-04-09 03:12:11

andysk

set

nosy: + andysk
messages: +

2009-03-02 12:11:39

henriko

set

nosy: + henriko
messages: +

2009-02-13 01:31:48

ajaksu2

set

stage: patch review
versions: - Python 2.5

2008-12-10 08:29:43

loewis

set

nosy: + loewis
messages: +
versions: - Python 2.5.3

2008-10-25 16:58:13

jjlee

set

type: crash -> behavior
messages: +
components: + Library (Lib), - None
versions: + Python 2.6, Python 3.0, Python 2.7, Python 2.5.3

2008-10-25 16:50:37

jjlee

set

files: + issue3924.patch
keywords: + patch
messages: +

2008-10-15 23:10:11

jjlee

set

nosy: + jjlee
messages: +

2008-09-21 18:30:24

DenNukem

create

Issue 3924: cookielib chokes on non-integer cookie version, should ignore it instead (original) (raw)