[Zope-dev] More robust cookie handling

S.Aeschbacher zope at bturtle.ch
Wed Mar 30 10:06:47 EST 2005


Hi
during some testing I did I stumbled over this problem.

When a client which is accessing a page on a Zope server sends a _ZopeId
with other spelling (e.g. _ZOPEID). Zope does not accept the cookie and
(obviously) sends a new value in the answer.

According to RFC 2965 and RFC 2109 (defines the Set-Cookie header but is
obsolete by RFC 2965) the NAME part of a name-value pair is treated
case-insensitive.

I'm not sure if this is a issue worth bothering as all user-agents seem
to leave the NAME part intact (except my self-written test-suite ;).
Changing the behaviour to ignore the case of the name would make it
somewhat more robust.

If you think it is worth bothering I will open an Issue in the Collector.

regards

Stefan


More information about the Zope-Dev mailing list