In _clientcookie.py:_cookie_attrs() cookie values that do match only \W characters will have there double quotes explicitly escaped.
This changes the value of quoted-cookies when they return to the webapp. For example:
A cookie comes in with the key/value pair: hello => "world"
The quote substitution will make this into: hello => \"world\"
Now wireshark tells me that the following is send on the next request:
# quote cookie value if necessary
# (not for Netscape protocol, which already has any quotes
# intact, due to the poorly-specified Netscape Cookie: syntax)
# if ((cookie.value is not None) and
# self.non_word_re.search(cookie.value) and version > 0):
# value = self.quote_re.sub(r"\\\1", cookie.value)
# else:
value = cookie.value
Everything works as expected.
I'm not quite sure what the comments means by 'not for netscape protocol', should there be an extra check in there
to check that it's not a mozilla style mechanized browser ?
I've checked the webapp (not mime) and it appears to not be doing anything that is not understood by any browser. The cookies as given by the webapp work as expected on any browser.
In _clientcookie.py:_cookie_attrs() cookie values that do match only \W characters will have there double quotes explicitly escaped.
This changes the value of quoted-cookies when they return to the webapp. For example:
A cookie comes in with the key/value pair: hello => "world" The quote substitution will make this into: hello => \"world\" Now wireshark tells me that the following is send on the next request:
When I comment out this part of the code:
Everything works as expected.
I'm not quite sure what the comments means by 'not for netscape protocol', should there be an extra check in there to check that it's not a mozilla style mechanized browser ?
I've checked the webapp (not mime) and it appears to not be doing anything that is not understood by any browser. The cookies as given by the webapp work as expected on any browser.