The Cookie module defines classes for abstracting the concept of
cookies, an HTTP state management mechanism. It supports both simple
string-only cookies, and provides an abstraction for having any serializable
data-type as cookie value.
The module formerly strictly applied the parsing rules described in in
the RFC 2109 and RFC 2068 specifications. It has since been discovered
that MSIE 3.0x doesn't follow the character rules outlined in those
specs. As a result, the parsing rules used are a bit less strict.
- exception CookieError
-
Exception failing because of RFC 2109 invalidity: incorrect
attributes, incorrect
Set-Cookie
header, etc.
- class BaseCookie([input])
-
This class is a dictionary-like object whose keys are strings and
whose values are Morsels. Note that upon setting a key to
a value, the value is first converted to a Morsel containing
the key and the value.
If input is given, it is passed to the load method.
- class SimpleCookie([input])
-
This class derives from BaseCookie and overrides value_decode
and value_encode to be the identity and str() respectively.
- class SerialCookie([input])
-
This class derives from BaseCookie and overrides value_decode
and value_encode to be the pickle.loads() and
pickle.dumps.
Do not use this class. Reading pickled values from a cookie is a
security hole, as arbitrary client-code can be run on
pickle.loads(). It is supported for backwards
compatibility.
- class SmartCookie([input])
-
This class derives from BaseCookie. It overrides value_decode
to be pickle.loads() if it is a valid pickle, and otherwise
the value itself. It overrides value_encode to be
pickle.dumps() unless it is a string, in which case it returns
the value itself.
The same security warning from SerialCookie applies here.
Subsections
See About this document... for information on suggesting changes.