Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Cookie value of more than 4096 bytes should not fail silently #780
For more details on cookie size limits, see:
A similar ticket was opened for Django - see:
The Django folks decided not to raise an exception when this happens, because they're using Python's standard Cookie library, so they'd have to duplicate the code to build / output the cookie value. Although they did update their documentation.
This is not an issue for Werkzeug, because it implements the raw encoding of the cookie by itself in
Maybe this should behave like
We can still merge this version in, and then make another patch that extends it.
Monkeypatching is an awful way to do that :)
Maybe dump_cookie could take an argument with the default value being 4096. Since it's probably called from a method in the Response class it could be set to a class attribute - that way people could change the limit by subclassing Response (which is something that would work well in Flask too).