aaug...@bcc190cf-cafb-0310-a4f2-bffc1f526a37  committed 88402e8

[1.3.X] Backported the fix for #15852 -- Modified cookie parsing so it can handle duplicate invalid cookie names. Thanks goes to Fredrik Stålnacke for the report and to vung for the patch.

  • Participants
  • Parent commits 91c8de4
  • Branches releases/1.3.X

Comments (0)

Files changed (2)

File django/http/

         if not _cookie_allows_colon_in_names:
             def load(self, rawdata, ignore_parse_errors=False):
                 if ignore_parse_errors:
-                    self.bad_cookies = []
+                    self.bad_cookies = set()
                     self._BaseCookie__set = self._loose_set
                 super(SimpleCookie, self).load(rawdata)
                 if ignore_parse_errors:
                     self._strict_set(key, real_value, coded_value)
                 except Cookie.CookieError:
-                    self.bad_cookies.append(key)
-                    dict.__setitem__(self, key, None)
+                    self.bad_cookies.add(key)
+                    dict.__setitem__(self, key, Cookie.Morsel())
 class CompatCookie(SimpleCookie):

File tests/regressiontests/httpwrappers/

         Test that a single non-standard cookie name doesn't affect all cookies. Ticket #13007.
         self.assertTrue('good_cookie' in parse_cookie('good_cookie=yes;bad:cookie=yes').keys())
+    def test_repeated_nonstandard_keys(self):
+        """
+        Test that a repeated non-standard name doesn't affect all cookies. Ticket #15852
+        """
+        self.assertTrue('good_cookie' in parse_cookie('a,=b; a,=c; good_cookie=yes').keys())