<!DOCTYPE html PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN">
<link rel=
"STYLESHEET" href=
"lib.css" type='text/css'
/>
<link rel=
"SHORTCUT ICON" href=
"../icons/pyfav.png" type=
"image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index'
/>
<link rel=
"first" href=
"lib.html" title='Python Library Reference'
/>
<link rel='contents' href='contents.html'
title=
"Contents" />
<link rel='index' href='genindex.html' title='Index'
/>
<link rel='last' href='about.html' title='About this document...'
/>
<link rel='help' href='about.html' title='About this document...'
/>
<link rel=
"next" href=
"cookie-jar-objects.html" />
<link rel=
"prev" href=
"cookie-policy-objects.html" />
<link rel=
"parent" href=
"module-cookielib.html" />
<link rel=
"next" href=
"cookie-jar-objects.html" />
<meta name='aesop' content='information'
/>
<title>11.20.4 DefaultCookiePolicy Objects
</title>
<div id='top-navigation-panel' xml:id='top-navigation-panel'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"11.20.3 CookiePolicy Objects"
href=
"cookie-policy-objects.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"11.20 cookielib "
href=
"module-cookielib.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"11.20.5 Cookie Objects"
href=
"cookie-jar-objects.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"cookie-policy-objects.html">11.20.3 CookiePolicy Objects
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"module-cookielib.html">11.20 cookielib
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"cookie-jar-objects.html">11.20.5 Cookie Objects
</A>
<!--End of Navigation Panel-->
<H2><A NAME=
"SECTION00132040000000000000000"></A><A NAME=
"default-cookie-policy-objects"></A>
11.20.4 DefaultCookiePolicy Objects
Implements the standard rules for accepting and returning cookies.
Both RFC
2965 and Netscape cookies are covered. RFC
2965 handling is
The easiest way to provide your own policy is to override this class
and call its methods in your overridden implementations before adding
your own additional checks:
<div class=
"verbatim"><pre>
class MyCookiePolicy(cookielib.DefaultCookiePolicy):
def set_ok(self, cookie, request):
if not cookielib.DefaultCookiePolicy.set_ok(self, cookie, request):
if i_dont_want_to_store_this_cookie(cookie):
In addition to the features required to implement the
<tt class=
"class">CookiePolicy
</tt> interface, this class allows you to block and
allow domains from setting and receiving cookies. There are also some
strictness switches that allow you to tighten up the rather loose
Netscape protocol rules a little bit (at the cost of blocking some
A domain blacklist and whitelist is provided (both off by default).
Only domains not in the blacklist and present in the whitelist (if the
whitelist is active) participate in cookie setting and returning. Use
the
<var>blocked_domains
</var> constructor argument, and
<tt class=
"method">blocked_domains()
</tt> and
<tt class=
"method">set_blocked_domains()
</tt> methods
(and the corresponding argument and methods for
<var>allowed_domains
</var>). If you set a whitelist, you can turn it off
again by setting it to
<tt class=
"constant">None
</tt>.
Domains in block or allow lists that do not start with a dot must
equal the cookie domain to be matched. For example,
<code>"example.com"</code> matches a blacklist entry of
<code>"example.com"</code>, but
<code>"www.example.com"</code> does not. Domains
that do start with a dot are matched by more specific domains too.
For example, both
<code>"www.example.com"</code> and
<code>"www.coyote.example.com"</code> match
<code>".example.com"</code> (but
<code>"example.com"</code> itself does not). IP addresses are an exception,
and must match exactly. For example, if blocked_domains contains
<code>"192.168.1.2"</code> and
<code>".168.1.2"</code>,
192.168.1.2 is blocked,
<tt class=
"class">DefaultCookiePolicy
</tt> implements the following additional
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><tt id='l2h-
3643' xml:id='l2h-
3643'
class=
"method">blocked_domains
</tt></b>(
</nobr></td>
<td><var></var>)
</td></tr></table></dt>
Return the sequence of blocked domains (as a tuple).
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><tt id='l2h-
3644' xml:id='l2h-
3644'
class=
"method">set_blocked_domains
</tt></b>(
</nobr></td>
<td><var>blocked_domains
</var>)
</td></tr></table></dt>
Set the sequence of blocked domains.
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><tt id='l2h-
3645' xml:id='l2h-
3645'
class=
"method">is_blocked
</tt></b>(
</nobr></td>
<td><var>domain
</var>)
</td></tr></table></dt>
Return whether
<var>domain
</var> is on the blacklist for setting or
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><tt id='l2h-
3646' xml:id='l2h-
3646'
class=
"method">allowed_domains
</tt></b>(
</nobr></td>
<td><var></var>)
</td></tr></table></dt>
Return
<tt class=
"constant">None
</tt>, or the sequence of allowed domains (as a tuple).
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><tt id='l2h-
3647' xml:id='l2h-
3647'
class=
"method">set_allowed_domains
</tt></b>(
</nobr></td>
<td><var>allowed_domains
</var>)
</td></tr></table></dt>
Set the sequence of allowed domains, or
<tt class=
"constant">None
</tt>.
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><tt id='l2h-
3648' xml:id='l2h-
3648'
class=
"method">is_not_allowed
</tt></b>(
</nobr></td>
<td><var>domain
</var>)
</td></tr></table></dt>
Return whether
<var>domain
</var> is not on the whitelist for setting or
<tt class=
"class">DefaultCookiePolicy
</tt> instances have the following attributes,
which are all initialised from the constructor arguments of the same
name, and which may all be assigned to.
General strictness switches:
<dl><dt><b><tt id='l2h-
3649' xml:id='l2h-
3649'
class=
"member">strict_domain
</tt></b></dt>
Don't allow sites to set two-component domains with country-code
top-level domains like
<code>.co.uk
</code>,
<code>.gov.uk
</code>,
<code>.co.nz
</code>.etc. This is far from perfect and isn't guaranteed to
RFC
2965 protocol strictness switches:
<dl><dt><b><tt id='l2h-
3650' xml:id='l2h-
3650'
class=
"member">strict_rfc2965_unverifiable
</tt></b></dt>
Follow RFC
2965 rules on unverifiable transactions (usually, an
unverifiable transaction is one resulting from a redirect or a request
for an image hosted on another site). If this is false, cookies are
<em>never
</em> blocked on the basis of verifiability
Netscape protocol strictness switches:
<dl><dt><b><tt id='l2h-
3651' xml:id='l2h-
3651'
class=
"member">strict_ns_unverifiable
</tt></b></dt>
apply RFC
2965 rules on unverifiable transactions even to Netscape
<dl><dt><b><tt id='l2h-
3652' xml:id='l2h-
3652'
class=
"member">strict_ns_domain
</tt></b></dt>
Flags indicating how strict to be with domain-matching rules for
Netscape cookies. See below for acceptable values.
<dl><dt><b><tt id='l2h-
3653' xml:id='l2h-
3653'
class=
"member">strict_ns_set_initial_dollar
</tt></b></dt>
Ignore cookies in Set-Cookie: headers that have names starting with
<dl><dt><b><tt id='l2h-
3654' xml:id='l2h-
3654'
class=
"member">strict_ns_set_path
</tt></b></dt>
Don't allow setting cookies whose path doesn't path-match request URI.
<tt class=
"member">strict_ns_domain
</tt> is a collection of flags. Its value is
constructed by or-ing together (for example,
<code>DomainStrictNoDots|DomainStrictNonDomain
</code> means both flags are
<dl><dt><b><tt id='l2h-
3655' xml:id='l2h-
3655'
class=
"member">DomainStrictNoDots
</tt></b></dt>
When setting cookies, the 'host prefix' must not contain a dot
(eg.
<code>www.foo.bar.com
</code> can't set a cookie for
<code>.bar.com
</code>,
because
<code>www.foo
</code> contains a dot).
<dl><dt><b><tt id='l2h-
3656' xml:id='l2h-
3656'
class=
"member">DomainStrictNonDomain
</tt></b></dt>
Cookies that did not explicitly specify a
<code>domain
</code>
cookie-attribute can only be returned to a domain equal to the domain
that set the cookie (eg.
<code>spam.example.com
</code> won't be returned
cookies from
<code>example.com
</code> that had no
<code>domain
</code>
<dl><dt><b><tt id='l2h-
3657' xml:id='l2h-
3657'
class=
"member">DomainRFC2965Match
</tt></b></dt>
When setting cookies, require a full RFC
2965 domain-match.
The following attributes are provided for convenience, and are the
most useful combinations of the above flags:
<dl><dt><b><tt id='l2h-
3658' xml:id='l2h-
3658'
class=
"member">DomainLiberal
</tt></b></dt>
Equivalent to
0 (ie. all of the above Netscape domain strictness flags
<dl><dt><b><tt id='l2h-
3659' xml:id='l2h-
3659'
class=
"member">DomainStrict
</tt></b></dt>
Equivalent to
<code>DomainStrictNoDots|DomainStrictNonDomain
</code>.
<div class='online-navigation'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"11.20.3 CookiePolicy Objects"
href=
"cookie-policy-objects.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"11.20 cookielib "
href=
"module-cookielib.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"11.20.5 Cookie Objects"
href=
"cookie-jar-objects.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"cookie-policy-objects.html">11.20.3 CookiePolicy Objects
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"module-cookielib.html">11.20 cookielib
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"cookie-jar-objects.html">11.20.5 Cookie Objects
</A>
<span class=
"release-info">Release
2.4.2, documentation updated on
28 September
2005.
</span>
<!--End of Navigation Panel-->
See
<i><a href=
"about.html">About this document...
</a></i> for information on suggesting changes.