开发者

urllib2 multiple Set-Cookie headers in response

I am using urllib2 to interact with a website that sends back multiple Set-Cookie headers. However the re开发者_运维百科sponse header dictionary only contains one - seems the duplicate keys are overriding each other.

Is there a way to access duplicate headers with urllib2?


According to urllib2 docs, the .headers attribute of the result URL object is an httplib.HTTPMessage (which appears to be undocumented, at least in the Python docs).

However,

help(httplib.HTTPMessage)
...

If multiple header fields with the same name occur, they are combined
according to the rules in RFC 2616 sec 4.2:

Appending each subsequent field-value to the first, each separated
by a comma. The order in which header fields with the same field-name
are received is significant to the interpretation of the combined
field value.

So, if you access u.headers['Set-Cookie'], you should get one Set-Cookie header with the values separated by commas.

Indeed, this appears to be the case.

import httplib
from StringIO import StringIO

msg = \
"""Set-Cookie: Foo
Set-Cookie: Bar
Set-Cookie: Baz

This is the message"""

msg = StringIO(msg)

msg = httplib.HTTPMessage(msg)

assert msg['Set-Cookie'] == 'Foo, Bar, Baz'


set-cookie is different though. From RFC 6265:

Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.

In theory then, this looks like a bug.


This is definitely not the case for me. I ran Python 3.10.0 in the browser dev tools the OCS provides these two Set-Cookie headers:

**set-cookie**: 
               JSESSIONID=node01v0bwkcyhmqot1a3eqp3lcvwd2600.node0; 
               Path=/; 
               Secure; 
               HttpOnly; 
               SameSite=Lax
**set-cookie**: 
               ZS-TOKEN-ID=apt688t8gfqf7r4zgkv60aii; 
               HttpOnly; 
               SameSite=Lax; 
               Path=/; 
               Secure;
               Max-Age=36000

In the r.headers['Set-Cookie'] they are NOT combined. Only the first cookie is listed.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜