Fix.cookie handling#188
Merged
Merged
Conversation
The documentation for expires incorrectly states that expires can be a timedelta, let's add a test for that.
The documentation erroneously states that that expires can be a datetime.timedelta, this is incorrect, but since it has been documented as such, we should continue accepting it. Add the fact that it can be a datetime.datetime, and probably should be.
Start using the make_cookie call that is available in webob.cookies, this way we don't duplicate the same behavior. There are a couple of backwards compatible fixes: - If expires is set to a timedelta, and max_age is not set, we set max_age to expires a timedelta - expires can also be a datetime, however this was not documented. So if it is a datetime, we want to get a timedelta, by taking the existing expires value, and removing datetime.utcnow() from the value.
We need to document that max_age can be an integer, timedelta or None, and what that means. max_age takes precedence over an expires argument.
Unicode values in cookies are invalid.
The previous standard was the JSON serializer, however with upcoming changes that limit what characters are allowed in cookies, bare JSON no longer worked because it could return values that are invalid to be stored in cookies.
WebOb will now raise a ValueError if an attempt is made to set the cookie to an invalid value. According to RFC6265 a cookie-octet has a specific subset of allowed ASCII characters, and that subset does not change whether the value is DQUOT'ed or not. WebOb will still accept all other cookies, it just won't be able to create them.
We want to make sure we have at least one test for CookieProfile that fetches a cookie from our request object, and then verifies it returns the appropriate answer.
Someday we can get rid of this mess and just be strict about what we send, but until such a day we want to warn people that it is going to happen in the future.
This makes the warning more noticeable to people and will be less likely to be ignored.
Sets up the cookies._should_raise using a module setup/teardown functions instead of setting it at module scope per suggestions from Michael Merickel.
We want to provide people an easy to find resource on what is now going to be valid in a WebOb cookie.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request supersedes the one in #172