New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookies need to be CookieJar-backed again. #281
Comments
Why? |
k/v only doesn't account for same keys with different paths. |
So you're gonna use kennethreitz/oreos then? |
We'll see :) |
Why was this issue closed? I'm having problems with exactly this at the moment. As it is requests can not handle cookies across multiple domains. There isn't really a good way to subclass Request or Response, so I ended up patching requests with a modified version of CookieJar that has a partial dict interface. It's not perfect, but at least I am able to take advantage of the many specifics that cookielib handles when deciding whether or not to send a cookie. The Cookie module (which you have patched in oreos), though cleaner than cookielib, contains none of that logic. I should note also that urllib3 appears to parse headers incorrectly. I had to dig down to the httplib and rfc822 level in order to get a properly parsed cookie header. If you think this would be useful, I should be able to share my changes. |
I would love to see the code! Issue is closed because I can't do until later :) |
You can find my changes at https://github.com/dhagrow/requests You'll notice I'm using wrappers around requests.Request/Response to work with cookielib. An alternative would be to include a cookielib that's been patched to use requests. |
Is there an official mechanism for interoperating with persistent I wrote tests for using the functions in https://github.com/slingamn/requests/compare/lwpcookiejar but they fail:
BTW this library is gorgeous! |
Thanks! I'll add it back in eventually :) |
Are you interested in pull requests (possibly based on dhagrow's work) that implement this? |
I wasn't aware of this. requests' cookie handling has many issues (no security at all: shares cookies between domains, does not handle expiration or secure cookies), and I had to use https://github.com/sashahart/cookies in order to have decent cookie parsing. It passed almost all my tests (for some reason it stripped the '.' before domains) and its API is very clean. I implemented a simple cookie jar which works with requests and Cookies: Currently to use it I have to erase the Session cookies on requests (because it tries to merge them with the provided cookies), and replace requests' redirect handling by my own (because hooks aren't called on each redirected request). My implementation does a bit more than strictly required, i.e. a simpler CookiePolicy could be used. Maybe a good step could be to use Cookies instead of "oreos" and allow cookie handling to be delegated. |
It would be very useful to have good support for cookies - https://github.com/sashahart/cookies looks nice. |
Just my two cents, but I would much rather have either
rather than an external cookie library that seems to have no real community and only one maintainer. |
I'd rather do #1 if we can get away with it easily w/o urllib2. |
This is a rebase of dhagrow's patches on top of https://github.com/slingamn/requests/tree/dhagrow Does anyone know how close it is to being finished? It seems mostly right. |
If the answer to that question is "it's not clear", tell me and I can puzzle over it on your behalf :-) We could also ping dhagrow himself. |
From https://github.com/sashahart/cookies
As to
I wouldn't judge based on community's size or number of maintainers. Wouldn't Requests community become this library's community the moment Request starts using it? |
Just because we can doesn't mean we should. I don't want to maintain a cookie library :) |
I actually need cookie storage for my use case. Support for Also, what would the relationship of |
I guess some of these 299 people who forked Requests would help you :) |
The module is practically non-existant. I'd be very happy to use the well-tested standard library modules if they're appropriate. |
What do you mean by The module is practically non-existant.? |
Oreos isn't an effort. |
OK, I'll plan to look at dhagrow's branch, hopefully relatively soon. He's presumably still subscribed to this thread, so I guess this counts as contacting him :-) |
@dhagrow poke, people are interested in your work :-) |
I've tested Python's cookie parsing, oreos, and Cookies. It's the only one that correctly parses multiple cookies in one Set-Cookie:, and recognizes and parses all attributes, including a lot of weird cases. My only issue with it is that it removes the starting '.' from the domain entry if it's there; which is easy to overcome but requires monkeypatching at least for now. It might not be popular, but it's still the only one that does not fail, and it has a lot of tests. A CookieJar isn't something very complicated to implement — mine is less than 100 lines of code, most of my cookiejar.py is added policies and comments. As long as you have proper cookie objects with a good API. I quickly looked at dhagrow's branch, and it does not seem to handle cookies in redirects properly — the cookie of the original request are always sent for the next request. I'm positively surprised though, using mock objects seems to require far less code than I thought. But as I said, it's not like the CookieJar is the hard part, and cookielib focuses on RFCs no one uses (sadly, it seems to be a common trend with web browsers, like GET after 302). |
Can you provide a test such that There's still the issue with |
Sorry, I've been away on business. I haven't looked too much at sashahart's
As I mentioned in one of my original posts, another option is to patch |
@dhagrow Thanks very much! I will look into updating your branch. |
Can someone clarify the expected relationship between |
Session cookies are persistent, like in a browser. Both need to exist. |
Oh, that makes sense. Thanks! |
So it looks like the current behavior in # Remove the cookie headers that were sent.
headers = self.headers
try:
del headers['Cookie']
except KeyError:
pass Can anyone help me find a specification (or a trustworthy reference) that explains exactly what should be done under what circumstances? I'm having trouble Googling the issue, unfortunately. |
After asking around in IRC, this behavior seems like The Right Thing: it'll cause the I've made progress on this in my fork (green tests and such), but it needs more cleanup and more testing. I hope to check back in soon. |
See the pull request at #565. |
Support CookieJar, references #281
Close this? :-) |
I'll open another ticket for documentation. |
Maybe the problem you had is the same as one in urllib3/urllib3#3 (Use MultiDict for headers)? |
That looks like the one, yes. |
No description provided.
The text was updated successfully, but these errors were encountered: