Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.3.X] Backported the fix for #15852 -- Modified cookie parsing so i…

…t can handle duplicate invalid cookie names. Thanks goes to Fredrik Stålnacke for the report and to vung for the patch.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 68f37a908162ac54cf90c50da6e4f4515ad7bf93 1 parent bf5fdf1
@aaugustin aaugustin authored
6 django/http/
@@ -92,7 +92,7 @@ def value_encode(self, val):
if not _cookie_allows_colon_in_names:
def load(self, rawdata, ignore_parse_errors=False):
if ignore_parse_errors:
- self.bad_cookies = []
+ self.bad_cookies = set()
self._BaseCookie__set = self._loose_set
super(SimpleCookie, self).load(rawdata)
if ignore_parse_errors:
@@ -106,8 +106,8 @@ def _loose_set(self, key, real_value, coded_value):
self._strict_set(key, real_value, coded_value)
except Cookie.CookieError:
- self.bad_cookies.append(key)
- dict.__setitem__(self, key, None)
+ self.bad_cookies.add(key)
+ dict.__setitem__(self, key, Cookie.Morsel())
class CompatCookie(SimpleCookie):
6 tests/regressiontests/httpwrappers/
@@ -281,3 +281,9 @@ def test_nonstandard_keys(self):
Test that a single non-standard cookie name doesn't affect all cookies. Ticket #13007.
self.assertTrue('good_cookie' in parse_cookie('good_cookie=yes;bad:cookie=yes').keys())
+ def test_repeated_nonstandard_keys(self):
+ """
+ Test that a repeated non-standard name doesn't affect all cookies. Ticket #15852
+ """
+ self.assertTrue('good_cookie' in parse_cookie('a,=b; a,=c; good_cookie=yes').keys())
Please sign in to comment.
Something went wrong with that request. Please try again.