Commit | Line | Data |
---|---|---|
920dae64 AT |
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
2 | <html> | |
3 | <head> | |
4 | <link rel="STYLESHEET" href="lib.css" type='text/css' /> | |
5 | <link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" /> | |
6 | <link rel='start' href='../index.html' title='Python Documentation Index' /> | |
7 | <link rel="first" href="lib.html" title='Python Library Reference' /> | |
8 | <link rel='contents' href='contents.html' title="Contents" /> | |
9 | <link rel='index' href='genindex.html' title='Index' /> | |
10 | <link rel='last' href='about.html' title='About this document...' /> | |
11 | <link rel='help' href='about.html' title='About this document...' /> | |
12 | <link rel="next" href="module-xmlrpclib.html" /> | |
13 | <link rel="prev" href="module-cookielib.html" /> | |
14 | <link rel="parent" href="internet.html" /> | |
15 | <link rel="next" href="cookie-objects.html" /> | |
16 | <meta name='aesop' content='information' /> | |
17 | <title>11.21 Cookie -- HTTP state management</title> | |
18 | </head> | |
19 | <body> | |
20 | <DIV CLASS="navigation"> | |
21 | <div id='top-navigation-panel' xml:id='top-navigation-panel'> | |
22 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> | |
23 | <tr> | |
24 | <td class='online-navigation'><a rel="prev" title="11.20.6 Examples" | |
25 | href="cookielib-examples.html"><img src='../icons/previous.png' | |
26 | border='0' height='32' alt='Previous Page' width='32' /></A></td> | |
27 | <td class='online-navigation'><a rel="parent" title="11. Internet Protocols and" | |
28 | href="internet.html"><img src='../icons/up.png' | |
29 | border='0' height='32' alt='Up One Level' width='32' /></A></td> | |
30 | <td class='online-navigation'><a rel="next" title="11.21.1 Cookie Objects" | |
31 | href="cookie-objects.html"><img src='../icons/next.png' | |
32 | border='0' height='32' alt='Next Page' width='32' /></A></td> | |
33 | <td align="center" width="100%">Python Library Reference</td> | |
34 | <td class='online-navigation'><a rel="contents" title="Table of Contents" | |
35 | href="contents.html"><img src='../icons/contents.png' | |
36 | border='0' height='32' alt='Contents' width='32' /></A></td> | |
37 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' | |
38 | border='0' height='32' alt='Module Index' width='32' /></a></td> | |
39 | <td class='online-navigation'><a rel="index" title="Index" | |
40 | href="genindex.html"><img src='../icons/index.png' | |
41 | border='0' height='32' alt='Index' width='32' /></A></td> | |
42 | </tr></table> | |
43 | <div class='online-navigation'> | |
44 | <b class="navlabel">Previous:</b> | |
45 | <a class="sectref" rel="prev" href="cookielib-examples.html">11.20.6 Examples</A> | |
46 | <b class="navlabel">Up:</b> | |
47 | <a class="sectref" rel="parent" href="internet.html">11. Internet Protocols and</A> | |
48 | <b class="navlabel">Next:</b> | |
49 | <a class="sectref" rel="next" href="cookie-objects.html">11.21.1 Cookie Objects</A> | |
50 | </div> | |
51 | <hr /></div> | |
52 | </DIV> | |
53 | <!--End of Navigation Panel--> | |
54 | ||
55 | <H1><A NAME="SECTION00132100000000000000000"> | |
56 | 11.21 <tt class="module">Cookie</tt> -- | |
57 | HTTP state management</A> | |
58 | </H1> | |
59 | ||
60 | <P> | |
61 | <A NAME="module-Cookie"></A> | |
62 | ||
63 | <P> | |
64 | The <tt class="module">Cookie</tt> module defines classes for abstracting the concept of | |
65 | cookies, an HTTP state management mechanism. It supports both simple | |
66 | string-only cookies, and provides an abstraction for having any serializable | |
67 | data-type as cookie value. | |
68 | ||
69 | <P> | |
70 | The module formerly strictly applied the parsing rules described in | |
71 | the <a class="rfc" id='rfcref-90561' xml:id='rfcref-90561' | |
72 | href="http://www.faqs.org/rfcs/rfc2109.html">RFC 2109</a> and <a class="rfc" id='rfcref-90563' xml:id='rfcref-90563' | |
73 | href="http://www.faqs.org/rfcs/rfc2068.html">RFC 2068</a> specifications. It has since been discovered | |
74 | that MSIE 3.0x doesn't follow the character rules outlined in those | |
75 | specs. As a result, the parsing rules used are a bit less strict. | |
76 | ||
77 | <P> | |
78 | <dl><dt><b><span class="typelabel">exception</span> <tt id='l2h-3678' xml:id='l2h-3678' class="exception">CookieError</tt></b></dt> | |
79 | <dd> | |
80 | Exception failing because of <a class="rfc" id='rfcref-90565' xml:id='rfcref-90565' | |
81 | href="http://www.faqs.org/rfcs/rfc2109.html">RFC 2109</a> invalidity: incorrect | |
82 | attributes, incorrect <span class="mailheader">Set-Cookie:</span> header, etc. | |
83 | </dd></dl> | |
84 | ||
85 | <P> | |
86 | <dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline"> | |
87 | <td><nobr><b><span class="typelabel">class</span> <tt id='l2h-3679' xml:id='l2h-3679' class="class">BaseCookie</tt></b>(</nobr></td> | |
88 | <td><var></var><big>[</big><var>input</var><big>]</big><var></var>)</td></tr></table></dt> | |
89 | <dd> | |
90 | This class is a dictionary-like object whose keys are strings and | |
91 | whose values are <tt class="class">Morsel</tt> instances. Note that upon setting a key to | |
92 | a value, the value is first converted to a <tt class="class">Morsel</tt> containing | |
93 | the key and the value. | |
94 | ||
95 | <P> | |
96 | If <var>input</var> is given, it is passed to the <tt class="method">load()</tt> method. | |
97 | </dl> | |
98 | ||
99 | <P> | |
100 | <dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline"> | |
101 | <td><nobr><b><span class="typelabel">class</span> <tt id='l2h-3680' xml:id='l2h-3680' class="class">SimpleCookie</tt></b>(</nobr></td> | |
102 | <td><var></var><big>[</big><var>input</var><big>]</big><var></var>)</td></tr></table></dt> | |
103 | <dd> | |
104 | This class derives from <tt class="class">BaseCookie</tt> and overrides | |
105 | <tt class="method">value_decode()</tt> and <tt class="method">value_encode()</tt> to be the identity | |
106 | and <tt class="function">str()</tt> respectively. | |
107 | </dl> | |
108 | ||
109 | <P> | |
110 | <dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline"> | |
111 | <td><nobr><b><span class="typelabel">class</span> <tt id='l2h-3681' xml:id='l2h-3681' class="class">SerialCookie</tt></b>(</nobr></td> | |
112 | <td><var></var><big>[</big><var>input</var><big>]</big><var></var>)</td></tr></table></dt> | |
113 | <dd> | |
114 | This class derives from <tt class="class">BaseCookie</tt> and overrides | |
115 | <tt class="method">value_decode()</tt> and <tt class="method">value_encode()</tt> to be the | |
116 | <tt class="function">pickle.loads()</tt> and <tt class="function">pickle.dumps()</tt>. | |
117 | ||
118 | <P> | |
119 | <div class="versionnote"><b>Deprecated since release 2.3.</b> | |
120 | Reading pickled values from untrusted | |
121 | cookie data is a huge security hole, as pickle strings can be crafted | |
122 | to cause arbitrary code to execute on your server. It is supported | |
123 | for backwards compatibility only, and may eventually go away.</div><p></p> | |
124 | </dl> | |
125 | ||
126 | <P> | |
127 | <dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline"> | |
128 | <td><nobr><b><span class="typelabel">class</span> <tt id='l2h-3682' xml:id='l2h-3682' class="class">SmartCookie</tt></b>(</nobr></td> | |
129 | <td><var></var><big>[</big><var>input</var><big>]</big><var></var>)</td></tr></table></dt> | |
130 | <dd> | |
131 | This class derives from <tt class="class">BaseCookie</tt>. It overrides | |
132 | <tt class="method">value_decode()</tt> to be <tt class="function">pickle.loads()</tt> if it is a | |
133 | valid pickle, and otherwise the value itself. It overrides | |
134 | <tt class="method">value_encode()</tt> to be <tt class="function">pickle.dumps()</tt> unless it is a | |
135 | string, in which case it returns the value itself. | |
136 | ||
137 | <P> | |
138 | <div class="versionnote"><b>Deprecated since release 2.3.</b> | |
139 | The same security warning from <tt class="class">SerialCookie</tt> | |
140 | applies here.</div><p></p> | |
141 | </dl> | |
142 | ||
143 | <P> | |
144 | A further security note is warranted. For backwards compatibility, | |
145 | the <tt class="module">Cookie</tt> module exports a class named <tt class="class">Cookie</tt> which | |
146 | is just an alias for <tt class="class">SmartCookie</tt>. This is probably a mistake | |
147 | and will likely be removed in a future version. You should not use | |
148 | the <tt class="class">Cookie</tt> class in your applications, for the same reason why | |
149 | you should not use the <tt class="class">SerialCookie</tt> class. | |
150 | ||
151 | <P> | |
152 | <div class="seealso"> | |
153 | <p class="heading">See Also:</p> | |
154 | ||
155 | <dl compact="compact" class="seemodule"> | |
156 | <dt>Module <b><tt class="module"><a href="module-cookielib.html">cookielib</a></tt>:</b> | |
157 | <dd>HTTP cookie handling for for web | |
158 | <em>clients</em>. The <tt class="module">cookielib</tt> and <tt class="module">Cookie</tt> | |
159 | modules do not depend on each other. | |
160 | </dl> | |
161 | ||
162 | <P> | |
163 | <dl compact="compact" class="seerfc"> | |
164 | <dt><a href="http://www.faqs.org/rfcs/rfc2109.html" | |
165 | title="HTTP State Management Mechanism" | |
166 | >RFC 2109, <em>HTTP State Management Mechanism</em></a> | |
167 | <dd>This is the state | |
168 | management specification implemented by this module. | |
169 | </dl> | |
170 | </div> | |
171 | ||
172 | <P> | |
173 | ||
174 | <p><br /></p><hr class='online-navigation' /> | |
175 | <div class='online-navigation'> | |
176 | <!--Table of Child-Links--> | |
177 | <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></a> | |
178 | ||
179 | <UL CLASS="ChildLinks"> | |
180 | <LI><A href="cookie-objects.html">11.21.1 Cookie Objects</a> | |
181 | <LI><A href="morsel-objects.html">11.21.2 Morsel Objects</a> | |
182 | <LI><A href="cookie-example.html">11.21.3 Example</a> | |
183 | </ul> | |
184 | <!--End of Table of Child-Links--> | |
185 | </div> | |
186 | ||
187 | <DIV CLASS="navigation"> | |
188 | <div class='online-navigation'> | |
189 | <p></p><hr /> | |
190 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> | |
191 | <tr> | |
192 | <td class='online-navigation'><a rel="prev" title="11.20.6 Examples" | |
193 | href="cookielib-examples.html"><img src='../icons/previous.png' | |
194 | border='0' height='32' alt='Previous Page' width='32' /></A></td> | |
195 | <td class='online-navigation'><a rel="parent" title="11. Internet Protocols and" | |
196 | href="internet.html"><img src='../icons/up.png' | |
197 | border='0' height='32' alt='Up One Level' width='32' /></A></td> | |
198 | <td class='online-navigation'><a rel="next" title="11.21.1 Cookie Objects" | |
199 | href="cookie-objects.html"><img src='../icons/next.png' | |
200 | border='0' height='32' alt='Next Page' width='32' /></A></td> | |
201 | <td align="center" width="100%">Python Library Reference</td> | |
202 | <td class='online-navigation'><a rel="contents" title="Table of Contents" | |
203 | href="contents.html"><img src='../icons/contents.png' | |
204 | border='0' height='32' alt='Contents' width='32' /></A></td> | |
205 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' | |
206 | border='0' height='32' alt='Module Index' width='32' /></a></td> | |
207 | <td class='online-navigation'><a rel="index" title="Index" | |
208 | href="genindex.html"><img src='../icons/index.png' | |
209 | border='0' height='32' alt='Index' width='32' /></A></td> | |
210 | </tr></table> | |
211 | <div class='online-navigation'> | |
212 | <b class="navlabel">Previous:</b> | |
213 | <a class="sectref" rel="prev" href="cookielib-examples.html">11.20.6 Examples</A> | |
214 | <b class="navlabel">Up:</b> | |
215 | <a class="sectref" rel="parent" href="internet.html">11. Internet Protocols and</A> | |
216 | <b class="navlabel">Next:</b> | |
217 | <a class="sectref" rel="next" href="cookie-objects.html">11.21.1 Cookie Objects</A> | |
218 | </div> | |
219 | </div> | |
220 | <hr /> | |
221 | <span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span> | |
222 | </DIV> | |
223 | <!--End of Navigation Panel--> | |
224 | <ADDRESS> | |
225 | See <i><a href="about.html">About this document...</a></i> for information on suggesting changes. | |
226 | </ADDRESS> | |
227 | </BODY> | |
228 | </HTML> |