python / cpython

The Python programming language
https://www.python.org

http.cookies.SimpleCookie.parse error after [keys] or some JSON data values #86111

Open 3b268585-98b1-4a4f-9ec5-15ed2fc3400a opened 3 years ago

3b268585-98b1-4a4f-9ec5-15ed2fc3400a commented 3 years ago
BPO 41945

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


GitHub fields:

```python
assignee = None
closed_at = None
created_at =
labels = ['type-bug', 'library', '3.10']
title = 'http.cookies.SimpleCookie.parse error after [keys] or some JSON data values'
updated_at =
user = 'https://bugs.python.org/xnovakj'
```

bugs.python.org fields:

```python
activity =
actor = 'xnovakj'
assignee = 'none'
closed = False
closed_date = None
closer = None
components = ['Library (Lib)']
creation =
creator = 'xnovakj'
dependencies = []
files = []
hgrepos = []
issue_num = 41945
keywords = []
message_count = 3.0
messages = ['378041', '380403', '409688']
nosy_count = 1.0
nosy_names = ['xnovakj']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue41945'
versions = ['Python 3.10']
```

3b268585-98b1-4a4f-9ec5-15ed2fc3400a commented 3 years ago

If brackets [] are around a cookie name, the next cookie names are not loaded.

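```python
# Python 3 module name, with a fallback to the Python 2 module
try:
    import http.cookies as Cookie
except ImportError:
    import Cookie

c = Cookie.SimpleCookie()
# The second pair has a name wrapped in brackets
c.load('id=12345; [object Object]=data; something=not loaded')
print(c)
```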

Note: It could cause big problems with sessions etc. We found that Chrome/Edge starts to save and send this type of cookie for some (a couple of) users. The origin of those [object Object]=... cookies is probably some implementation of https://cookiepedia.co.uk/cookies/euconsent and errors somewhere in external JavaScript or browsers?

Related issues: https://bugs.python.org/issue41695 https://bugs.python.org/issue27674

The same problem occurs in P3.7, P2.7, six.moves.http_cookies etc.

I know the RFC says that cookie-name can't use brackets. But you can set them in browser cookies.

RFC 6265:

```
set-cookie-header = "Set-Cookie:" SP set-cookie-string
set-cookie-string = cookie-pair *( ";" SP cookie-av )
cookie-pair       = cookie-name "=" cookie-value
cookie-name       = token
token             = <token, defined in [RFC2616], Section 2.2>
```

RFC 2616:

```
token      = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
           | "," | ";" | ":" | "\" | <">
           | "/" | "[" | "]" | "?" | "="
           | "{" | "}" | SP | HT
```

3b268585-98b1-4a4f-9ec5-15ed2fc3400a commented 3 years ago

Possible patch, load parts one by one:

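```python
from http.cookies import SimpleCookie
c = SimpleCookie()
http_cookie = 'id=12345; [object Object]=data; something=not_loaded'
# Load each ';'-separated part separately so an unparsable part is skipped on its own
for cookie_key in http_cookie.split(';'):
    c.load(cookie_key)
print(c)
```

```
Set-Cookie: id=12345
Set-Cookie: something=not_loaded
```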

3b268585-98b1-4a4f-9ec5-15ed2fc3400a commented 2 years ago

New examples with the structured data.

Problems are with quotes and spaces inside { or [

cookie-script.com sets this cookie data: CookieScriptConsent={"action":"accept","categories":"[\\"performance\\"]"}

Python loads only cookies before that JSON structure

```python
>>> from http.cookies import SimpleCookie
>>> ck = SimpleCookie()
>>> ck.load('id=12345; CookieScriptConsent={"action":"accept","categories":"[\\"performance\\"]"}; something="not loaded"')
>>> print(ck)
Set-Cookie: id=12345
```

This works:

```python
>>> ck.load('id=12345; complex_data={1:[1,2]}; something="loaded"')
>>> print(ck)
Set-Cookie: complex_data={1:[1,2]}
Set-Cookie: id=12345
Set-Cookie: something="loaded"
```

This does not work:

```python
>>> ck.load('id=12345; complex_data={1:[1, 2]}; something="not loaded"')
>>> print(ck)
Set-Cookie: complex_data={1:[1,
Set-Cookie: id=12345
```
Conclusion: Parsing JSON-like cookie objects works, except with quotes, and without spaces.

Does some new RFC with JSON data support exist? How is the implementation/support/solution in different languages? Does another Python library exist which supports cookies with JSON data?
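
A defensive take on the per-pair workaround discussed in this thread, as an added example that is not part of the original issue or of CPython: it parses each `;`-separated pair on its own, rejects names that are not RFC 2616 tokens, and reports which valid cookies `SimpleCookie.load()` lost so the loss can be logged. The `sessionid` cookie and all helper names are assumptions made for illustration.

```python
import re
from http.cookies import SimpleCookie

# RFC 2616 token: one or more CHARs except CTLs and separators.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+\Z")

# Constructed sample header modelled on the report; "sessionid" is a made-up name.
HEADER = 'id=12345; [object Object]=data; sessionid=abc123'


def parse_cookie_header(header):
    """Parse each ';'-separated pair independently of its neighbours.

    Returns (accepted, rejected): accepted maps valid names to raw values,
    rejected lists the raw pairs whose name is not an RFC 2616 token.
    """
    accepted, rejected = {}, []
    for part in header.split(';'):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition('=')
        name = name.strip()
        if sep and _TOKEN.match(name):
            accepted[name] = value.strip()  # value kept verbatim, quotes included
        else:
            rejected.append(part)
    return accepted, rejected


def stdlib_names(header):
    """Cookie names SimpleCookie.load() ends up with for the same header."""
    jar = SimpleCookie()
    jar.load(header)
    return sorted(jar)


def dropped_by_stdlib(header):
    """Valid cookies that SimpleCookie lost without raising (worth logging)."""
    accepted, _ = parse_cookie_header(header)
    return sorted(set(accepted) - set(stdlib_names(header)))


if __name__ == '__main__':
    print(parse_cookie_header(HEADER))
    print(stdlib_names(HEADER))
    print(dropped_by_stdlib(HEADER))
```

Logging the `rejected` list together with `dropped_by_stdlib()` shows how often clients send malformed pairs and whether a session cookie was among the ones lost.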