Cookie — HTTP state management
Source code: Lib/Cookie.py
Cookie module defines classes for abstracting the concept of
cookies, an HTTP state management mechanism. It supports both simple string-only
cookies, and provides an abstraction for having any serializable data-type as
The module formerly strictly applied the parsing rules described in the RFC 2109 and RFC 2068 specifications. It has since been discovered that MSIE 3.0x doesn’t follow the character rules outlined in those specs and also many current day browsers and servers have relaxed parsing rules when comes to Cookie handling. As a result, the parsing rules used are a bit less strict.
Exception failing because of RFC 2109 invalidity: incorrect attributes, incorrect Set-Cookie header, etc.
This class is a dictionary-like object whose keys are strings and whose values are
Morselinstances. Note that upon setting a key to a value, the value is first converted to a
Morselcontaining the key and the value.
If input is given, it is passed to the
Deprecated since version 2.3: Reading pickled values from untrusted cookie data is a huge security hole, as pickle strings can be crafted to cause arbitrary code to execute on your server. It is supported for backwards compatibility only, and may eventually go away.
This class derives from
BaseCookie. It overrides
pickle.loads()if it is a valid pickle, and otherwise the value itself. It overrides
pickle.dumps()unless it is a string, in which case it returns the value itself.
Deprecated since version 2.3: The same security warning from
A further security note is warranted. For backwards compatibility, the
Cookie module exports a class named
Cookie which is
just an alias for
SmartCookie. This is probably a mistake and will
likely be removed in a future version. You should not use the
Cookie class in your applications, for the same reason why
you should not use the
20.22.2. Morsel Objects
Abstract a key/value pair, which has some RFC 2109 attributes.
Morsels are dictionary-like objects, whose set of keys is constant — the valid RFC 2109 attributes, which are
The keys are case-insensitive.
New in version 2.6: The
httponlyattribute was added.
The value of the cookie.
The encoded value of the cookie — this is what should be sent.
The name of the cookie.
set(key, value, coded_value)
Set the key, value and coded_value attributes.
Whether K is a member of the set of keys of a
Return a string representation of the Morsel, suitable to be sent as an HTTP header. By default, all the attributes are included, unless attrs is given, in which case it should be a list of attributes to use. header is by default
The meaning for attrs is the same as in
The meaning for attrs is the same as in
The following example demonstrates how to use the
>>> import Cookie >>> C = Cookie.SimpleCookie() >>> C["fig"] = "newton" >>> C["sugar"] = "wafer" >>> print C # generate HTTP headers Set-Cookie: fig=newton Set-Cookie: sugar=wafer >>> print C.output() # same thing Set-Cookie: fig=newton Set-Cookie: sugar=wafer >>> C = Cookie.SimpleCookie() >>> C["rocky"] = "road" >>> C["rocky"]["path"] = "/cookie" >>> print C.output(header="Cookie:") Cookie: rocky=road; Path=/cookie >>> print C.output(attrs=, header="Cookie:") Cookie: rocky=road >>> C = Cookie.SimpleCookie() >>> C.load("chips=ahoy; vienna=finger") # load from a string (HTTP header) >>> print C Set-Cookie: chips=ahoy Set-Cookie: vienna=finger >>> C = Cookie.SimpleCookie() >>> C.load('keebler="E=everybody; L=\\"Loves\\"; fudge=\\012;";') >>> print C Set-Cookie: keebler="E=everybody; L=\"Loves\"; fudge=\012;" >>> C = Cookie.SimpleCookie() >>> C["oreo"] = "doublestuff" >>> C["oreo"]["path"] = "/" >>> print C Set-Cookie: oreo=doublestuff; Path=/ >>> C["twix"] = "none for you" >>> C["twix"].value 'none for you' >>> C = Cookie.SimpleCookie() >>> C["number"] = 7 # equivalent to C["number"] = str(7) >>> C["string"] = "seven" >>> C["number"].value '7' >>> C["string"].value 'seven' >>> print C Set-Cookie: number=7 Set-Cookie: string=seven >>> # SerialCookie and SmartCookie are deprecated >>> # using it can cause security loopholes in your code. >>> C = Cookie.SerialCookie() >>> C["number"] = 7 >>> C["string"] = "seven" >>> C["number"].value 7 >>> C["string"].value 'seven' >>> print C Set-Cookie: number="I7\012." Set-Cookie: string="S'seven'\012p1\012." >>> C = Cookie.SmartCookie() >>> C["number"] = 7 >>> C["string"] = "seven" >>> C["number"].value 7 >>> C["string"].value 'seven' >>> print C Set-Cookie: number="I7\012." Set-Cookie: string=seven