<!DOCTYPE html PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN">
<link rel=
"STYLESHEET" href=
"lib.css" type='text/css'
/>
<link rel=
"SHORTCUT ICON" href=
"../icons/pyfav.png" type=
"image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index'
/>
<link rel=
"first" href=
"lib.html" title='Python Library Reference'
/>
<link rel='contents' href='contents.html'
title=
"Contents" />
<link rel='index' href='genindex.html' title='Index'
/>
<link rel='last' href='about.html' title='About this document...'
/>
<link rel='help' href='about.html' title='About this document...'
/>
<link rel=
"next" href=
"module-xmlrpclib.html" />
<link rel=
"prev" href=
"module-cookielib.html" />
<link rel=
"parent" href=
"internet.html" />
<link rel=
"next" href=
"cookie-objects.html" />
<meta name='aesop' content='information'
/>
<title>11.21 Cookie -- HTTP state management
</title>
<div id='top-navigation-panel' xml:id='top-navigation-panel'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"11.20.6 Examples"
href=
"cookielib-examples.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"11. Internet Protocols and"
href=
"internet.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"11.21.1 Cookie Objects"
href=
"cookie-objects.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"cookielib-examples.html">11.20.6 Examples
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"internet.html">11. Internet Protocols and
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"cookie-objects.html">11.21.1 Cookie Objects
</A>
<!--End of Navigation Panel-->
<H1><A NAME=
"SECTION00132100000000000000000">
11.21 <tt class=
"module">Cookie
</tt> --
HTTP state management
</A>
<A NAME=
"module-Cookie"></A>
The
<tt class=
"module">Cookie
</tt> module defines classes for abstracting the concept of
cookies, an HTTP state management mechanism. It supports both simple
string-only cookies, and provides an abstraction for having any serializable
data-type as cookie value.
The module formerly strictly applied the parsing rules described in
the
<a class=
"rfc" id='rfcref-
90561' xml:id='rfcref-
90561'
href=
"http://www.faqs.org/rfcs/rfc2109.html">RFC
2109</a> and
<a class=
"rfc" id='rfcref-
90563' xml:id='rfcref-
90563'
href=
"http://www.faqs.org/rfcs/rfc2068.html">RFC
2068</a> specifications. It has since been discovered
that MSIE
3.0x doesn't follow the character rules outlined in those
specs. As a result, the parsing rules used are a bit less strict.
<dl><dt><b><span class=
"typelabel">exception
</span> <tt id='l2h-
3678' xml:id='l2h-
3678'
class=
"exception">CookieError
</tt></b></dt>
Exception failing because of
<a class=
"rfc" id='rfcref-
90565' xml:id='rfcref-
90565'
href=
"http://www.faqs.org/rfcs/rfc2109.html">RFC
2109</a> invalidity: incorrect
attributes, incorrect
<span class=
"mailheader">Set-Cookie:
</span> header, etc.
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><span class=
"typelabel">class
</span> <tt id='l2h-
3679' xml:id='l2h-
3679'
class=
"class">BaseCookie
</tt></b>(
</nobr></td>
<td><var></var><big>[
</big><var>input
</var><big>]
</big><var></var>)
</td></tr></table></dt>
This class is a dictionary-like object whose keys are strings and
whose values are
<tt class=
"class">Morsel
</tt> instances. Note that upon setting a key to
a value, the value is first converted to a
<tt class=
"class">Morsel
</tt> containing
If
<var>input
</var> is given, it is passed to the
<tt class=
"method">load()
</tt> method.
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><span class=
"typelabel">class
</span> <tt id='l2h-
3680' xml:id='l2h-
3680'
class=
"class">SimpleCookie
</tt></b>(
</nobr></td>
<td><var></var><big>[
</big><var>input
</var><big>]
</big><var></var>)
</td></tr></table></dt>
This class derives from
<tt class=
"class">BaseCookie
</tt> and overrides
<tt class=
"method">value_decode()
</tt> and
<tt class=
"method">value_encode()
</tt> to be the identity
and
<tt class=
"function">str()
</tt> respectively.
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><span class=
"typelabel">class
</span> <tt id='l2h-
3681' xml:id='l2h-
3681'
class=
"class">SerialCookie
</tt></b>(
</nobr></td>
<td><var></var><big>[
</big><var>input
</var><big>]
</big><var></var>)
</td></tr></table></dt>
This class derives from
<tt class=
"class">BaseCookie
</tt> and overrides
<tt class=
"method">value_decode()
</tt> and
<tt class=
"method">value_encode()
</tt> to be the
<tt class=
"function">pickle.loads()
</tt> and
<tt class=
"function">pickle.dumps()
</tt>.
<div class=
"versionnote"><b>Deprecated since release
2.3.
</b>
Reading pickled values from untrusted
cookie data is a huge security hole, as pickle strings can be crafted
to cause arbitrary code to execute on your server. It is supported
for backwards compatibility only, and may eventually go away.
</div><p></p>
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><span class=
"typelabel">class
</span> <tt id='l2h-
3682' xml:id='l2h-
3682'
class=
"class">SmartCookie
</tt></b>(
</nobr></td>
<td><var></var><big>[
</big><var>input
</var><big>]
</big><var></var>)
</td></tr></table></dt>
This class derives from
<tt class=
"class">BaseCookie
</tt>. It overrides
<tt class=
"method">value_decode()
</tt> to be
<tt class=
"function">pickle.loads()
</tt> if it is a
valid pickle, and otherwise the value itself. It overrides
<tt class=
"method">value_encode()
</tt> to be
<tt class=
"function">pickle.dumps()
</tt> unless it is a
string, in which case it returns the value itself.
<div class=
"versionnote"><b>Deprecated since release
2.3.
</b>
The same security warning from
<tt class=
"class">SerialCookie
</tt>
applies here.
</div><p></p>
A further security note is warranted. For backwards compatibility,
the
<tt class=
"module">Cookie
</tt> module exports a class named
<tt class=
"class">Cookie
</tt> which
is just an alias for
<tt class=
"class">SmartCookie
</tt>. This is probably a mistake
and will likely be removed in a future version. You should not use
the
<tt class=
"class">Cookie
</tt> class in your applications, for the same reason why
you should not use the
<tt class=
"class">SerialCookie
</tt> class.
<p class=
"heading">See Also:
</p>
<dl compact=
"compact" class=
"seemodule">
<dt>Module
<b><tt class=
"module"><a href=
"module-cookielib.html">cookielib
</a></tt>:
</b>
<dd>HTTP cookie handling for for web
<em>clients
</em>. The
<tt class=
"module">cookielib
</tt> and
<tt class=
"module">Cookie
</tt>
modules do not depend on each other.
<dl compact=
"compact" class=
"seerfc">
<dt><a href=
"http://www.faqs.org/rfcs/rfc2109.html"
title=
"HTTP State Management Mechanism"
>RFC
2109,
<em>HTTP State Management Mechanism
</em></a>
management specification implemented by this module.
<p><br /></p><hr class='online-navigation'
/>
<div class='online-navigation'
>
<!--Table of Child-Links-->
<A NAME=
"CHILD_LINKS"><STRONG>Subsections
</STRONG></a>
<LI><A href=
"cookie-objects.html">11.21.1 Cookie Objects
</a>
<LI><A href=
"morsel-objects.html">11.21.2 Morsel Objects
</a>
<LI><A href=
"cookie-example.html">11.21.3 Example
</a>
<!--End of Table of Child-Links-->
<div class='online-navigation'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"11.20.6 Examples"
href=
"cookielib-examples.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"11. Internet Protocols and"
href=
"internet.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"11.21.1 Cookie Objects"
href=
"cookie-objects.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"cookielib-examples.html">11.20.6 Examples
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"internet.html">11. Internet Protocols and
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"cookie-objects.html">11.21.1 Cookie Objects
</A>
<span class=
"release-info">Release
2.4.2, documentation updated on
28 September
2005.
</span>
<!--End of Navigation Panel-->
See
<i><a href=
"about.html">About this document...
</a></i> for information on suggesting changes.