Edi Weitz edi@agharta.de writes:
On Sat, 15 Mar 2008 22:59:09 -0500, Victor Kryukov victor.kryukov@gmail.com wrote:
According to RFC2965[1]
Unfortunately, it has been my experience that you can't rely on RFCs when parsing cookies as there are too many deviations out there.
First of all, let me correct myself: not only RFC 2965 (which is a new standard), but also RFC 2109 (which is the old standard for cookies that seem to be widespreadly used) requires cookie values to be either terms or quoted strings.
I understand why you may want to be less strict about following the standard and allow some deviations from it, but current DRAKMA behaviour is broken for the sites that _do follow the standard_, which I think is not acceptable, as least not as a default behaviour.
As a reference point, I've checked that python >= 2.4 follows RFC 2109 more or less (you can check lib/Cookie.py, _CookiePattern is their regexp for parsing name/value pairs), and Perl also parses quoted cookie values without any problems (I've used WWW::Mechanize which in turn uses HTTP::Cookie for cookie handling).
Having said that, I'd be happy to accept a patch which fixed this particular issue without breaking "compatibility" with other widespread ways of setting cookies.
I'd be happy to provide a patch once I better understand what are the "compatibility" requirements. Could you please point me in the right direction? Do you mean old-style Netscape cookies[1]?
Also, there are mutliple strategies to fix that. One is to follow RFC2109 by default, but allow for Netscape-style cookies after setting a certain parameter (I'd prefer this one). Another is to try to follow RFC 2109, but then rollback to Netscape-style cookies if parsing error occurs. There are probably other possible approaches. Which one would you prefer?
Regards, Victor.