durusmail: quixote-users: Quoting! Yay!
Quoting! Yay!
2004-04-22
Evan LaForge
2004-05-04
Neil Schemenauer
Quoting! Yay!
Neil Schemenauer
2004-05-04
>           if config.session_cookie_path:
>               path = config.session_cookie_path
>           else:
> -             path = request.environ['SCRIPT_NAME']
> +             path = quixote.html.url_quote(request.environ['SCRIPT_NAME'])
>               if not path.endswith("/"):
>                   path += "/"
>           domain = config.session_cookie_domain
>           request.response.set_cookie(name, value, domain=domain,
>                                   path=path, **attrs)


> This is because browsers (well, my browser) set SCRIPT_NAME to the unquoted
> path, and consider a cookie with a path of '/~me/' different from '/%7Eme/'.
> So if your app properly url-quotes its paths, it's not going to get the cookie
> if session_cookie_path = None.

I think the idea of this patch is basically correct.  I would prefer
quoting the entire path, eg.

    request.response.set_cookie(name, value, domain=domain,
                                path=url_quote(path), **attrs)

That would mean that the path set in the config file would be
unquoted.

  Neil
reply