  1. mod_python
  2. MODPYTHON-200

Can't use signed and marshalled cookies together.


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.2.10
    • 3.3.1
    • core
    • None

    Description

      As reported by Clodoaldo Pinto Neto on the mailing list:

      http://www.modpython.org/pipermail/mod_python/2006-October/022427.html

      one cannot use signed and marshalled cookies together.

      For example, with publisher code example:

      from mod_python import Cookie

      def makecookies(req):
          # Set one cookie of each derived type, both signed with the same secret.
          c = Cookie.MarshalCookie('marshal', 'value', 'secret')
          d = Cookie.SignedCookie('signed', 'value', 'secret')
          Cookie.add_cookie(req, c)
          Cookie.add_cookie(req, d)
          return 'made\n' + str(req.headers_out)

      def showcookies(req):
          # Parses every cookie in the request as a MarshalCookie; this is
          # the call that raises the error shown below.
          cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
          s = 'There are %s cookies' % len(cookies)
          for c in cookies.values():
              s += '\n%s %s' % (str(c), type(c))
          return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in)

      If one accesses makecookies and then showcookies, you get:

      Traceback (most recent call last):

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1519, in HandlerDispatch
      default=default_handler, arg=req, silent=hlist.silent)

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1224, in _process_target
      result = _execute_target(config, req, object, arg)

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1123, in _execute_target
      result = object(arg)

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 213, in handler
      published = publish_object(req, object)

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 425, in publish_object
      return publish_object(req,util.apply_fs_data(object, req.form, req=req))

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", line 546, in apply_fs_data
      return object(**args)

      File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies
      cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 352, in get_cookies
      return Class.parse(cookies, **kw)

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 254, in parse
      c.unmarshal(secret)

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 282, in unmarshal
      self.value = marshal.loads(base64.decodestring(self.value))

      File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", line 44, in decodestring
      return binascii.a2b_base64(s)

      Error: Incorrect padding

      The problem is that Cookie.get_cookies() makes the assumption that all cookies being sent by the browser will be of the same derived type, or are a basic cookie. If mixing derived types and they are not compatible as far as unpacking goes, the code will fail.

      For starters, there should be a new function called Cookie.get_cookie() where you name the cookie and it only tries to decode that one cookie. This new method should also be used in the Session class instead of using Cookie.get_cookies().
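
The failure and the per-name lookup proposed above, as an added example that is not part of the original report and is not mod_python's code. It is a simplified Python 3 model: the helper names, the dict standing in for the request's cookies, and the SHA-256 HMAC with a 64-character hex prefix are all assumptions of this sketch.

```python
import base64, binascii, hashlib, hmac, marshal

SECRET = b"secret"  # constructed sample key

def _sig(name, payload):
    # Hex HMAC over the payload, keyed per cookie name (assumption of this model).
    key = SECRET + name.encode()
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def make_signed(name, value):
    # Signed cookie: signature followed by the plain value.
    return _sig(name, value) + value

def make_marshal(name, value):
    # Marshalled cookie: signature followed by base64(marshal(value)).
    payload = base64.b64encode(marshal.dumps(value)).decode()
    return _sig(name, payload) + payload

def unsign(name, raw):
    sig, payload = raw[:64], raw[64:]
    if not hmac.compare_digest(sig, _sig(name, payload)):
        raise ValueError("bad signature on %r" % name)
    return payload

def unmarshal(name, raw):
    # Verify first, so only authenticated bytes ever reach marshal.loads().
    return marshal.loads(base64.b64decode(unsign(name, raw)))

def parse_all_as_marshal(jar):
    # Failing pattern: one decoder applied to every cookie in the request.
    return {n: unmarshal(n, v) for n, v in jar.items()}

def get_cookie(jar, name, decoder):
    # Proposed pattern: decode only the named cookie, with its own decoder.
    return decoder(name, jar[name]) if name in jar else None

# Constructed request: one cookie of each type, same secret.
JAR = {"marshal": make_marshal("marshal", "value"),
       "signed": make_signed("signed", "value")}

def demo():
    try:
        parse_all_as_marshal(JAR)
        bulk = "ok"
    except binascii.Error:
        # The signed cookie verifies, but its payload is not base64.
        bulk = "failed"
    return (bulk, get_cookie(JAR, "marshal", unmarshal),
            get_cookie(JAR, "signed", unsign))
```

The signed cookie passes signature verification under the shared secret, so the bulk parser goes on to base64-decode a payload that was never encoded; decoding by name avoids touching cookies of another type.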

          People

            grahamd Graham Phillip Dumpleton