451 raise CookieError(“Attempt to set a reserved key: %s” % key)
452 if “” != translate(key, idmap, LegalChars):
453 raise CookieError(“Illegal key value: %s” % key)
454
455 # It’s a good key, so save it.
global CookieError =, key = ‘ABC:123.123.123.123:XYZ’
CookieError: Illegal key value: ABC:123.123.123.123:XYZ
args = (‘Illegal key value: ABC:123.123.123.123:XYZ’,)
Really? Apparently Python’s (at least the cruddy version I’m stuck with in RHEL 5) Cookie implementation is rather strict in the headers it will accept and will just blow up if there are characters that are not in the RFC.
http://markmail.org/message/bsabuonsslb4ybiz
While I generally would agree that the implementation conform to the spec and indicate when the input is non-standard, I think just blowing up is rather harsh. There have to be garbage cookies floating around there on the web. Unfortunately this one is related to the single sign on system in front of my app. So there are two fails here.
So I guess I’m left to figure out a way to kill this cookie before Python sees it…most likely I’ll have to implement this as a mysterious hack in the config of the Apache instance that frontends it. Unless I can sneak it into some WSGI layer. But I’ll probably just hack it because my life and patience are finite.