We've been having trouble with python-request's handling of a client-side generated cookie that has domain set to "localhost". This issue did not occur with our pycurl code. Inspection of the previous code showed that we did not set the domain (or any cookie attributes) on the client-generated cookie that we were returning to the server. This commit removes the setting of attributes on the client-generated cookie in our new code.
This seems to be correct because attributes on cookies (path, domain, secure, httponly, etc) are only set on a Set-Cookie header that is sent by the server to the client. The client uses those attributes when it determines whether a particular cookie should be sent back to the server when a new url is requested but it does not include them when it passes the cookie name and values back in a Cookie header.
Wikipedia section with that in plain English: http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_attributes
Relevant section from the Cookie RFC: http://tools.ietf.org/html/rfc6265#section-5.4 The fourth step in creating the cookie header is to "Output the cookie's name, the %x3D ("=") character, and the cookie's value." The cookie's attributes were only used to determine if the data would be set; it isn't set in the Cookie header. Also contrast with http://tools.ietf.org/html/rfc6265#section-5.2 which talks about the Set-Cookie header that is sent by the server.
Remove attributes on cookies as this is a client-side generated cookie
Remove unused imports (from the pycurl to python-requests refactor)
I tried using this in a test case and ended up getting those tracebacks again:
Traceback (most recent call last):
File "testit.py", line 40, in <module>
File "/home/fedora/ralph/testing-stuff/lib/python2.6/site-packages/fedora/client/bodhi.py", line 147, in query
return self.send_request('list', req_params=params, auth=auth)
File "/home/fedora/ralph/testing-stuff/lib/python2.6/site-packages/fedora/client/baseclient.py", line 346, in send_request
File "/home/fedora/ralph/testing-stuff/lib/python2.6/site-packages/fedora/client/proxyclient.py", line 381, in send_request
new_session = response.cookies.get(self.session_name, '')
File "/home/fedora/ralph/testing-stuff/lib/python2.6/site-packages/requests/cookies.py", line 160, in get
return self._find_no_duplicates(name, domain, path)
File "/home/fedora/ralph/testing-stuff/lib/python2.6/site-packages/requests/cookies.py", line 281, in _find_no_duplicates
raise CookieConflictError('There are multiple cookies with name, %r' % (name))
requests.cookies.CookieConflictError: There are multiple cookies with name, 'tg-visit'
Here's the script I used for testing. (It is a little awkward because I was trying to model what /usr/bin/bodhi was doing).
c = fedora.client.BodhiClient(
"http://localhost/updates", # I'm running this on releng04
username="ralph", # Change this to your username
print "Trying a second time..."
print "Third time's a charm..."
c.password = getpass.getpass("pw plz")
It is useful for debugging to add print statements on response.cookies after the call to requests.post(...). If you add a print response.cookies line, you see the following::
<<class 'requests.cookies.RequestsCookieJar'> [
<Cookie tg-visit=a23f6dac037b13c4314c36e856f51e33c4b81483 for />,
<Cookie tg-visit=a23f6dac037b13c4314c36e856f51e33c4b81483 for localhost.local/>
The first cookie is the one that we set in the beginning on our request. The second is the one set by the server. python-requests then gets "confused" about what to do and we get the traceback at the top of this comment.
Worked on the broken test case today and found out that this is a bug in python-requests < 1.0.0. When requests posts to a url, you may set some cookies on the Request so that they are sent to the server. When the server replies python-requests sets up a response object. In 0.14.x, the cookies that are set on the Response object are taken from both the cookies that were returned from the server and from the cookies that the Request object holds. This is incorrect behaviour. Many pieces of code want to know specifically what cookies were returned from the server as these will be the most current and may contain information that should replace what was given before.
I've generated a patch for python-requests to do that. We'll be testing it in infrastructure along with this patch to python-fedora tonight.
Reviewed by threebean. Merged to devel via git flow