2004-05-31 15:22:40 -03:00
|
|
|
\section{\module{cookielib} ---
|
|
|
|
Cookie handling for HTTP clients}
|
|
|
|
|
|
|
|
\declaremodule{standard}{cookielib}
|
|
|
|
\moduleauthor{John J. Lee}{jjl@pobox.com}
|
|
|
|
\sectionauthor{John J. Lee}{jjl@pobox.com}
|
|
|
|
|
2005-12-04 16:25:23 -04:00
|
|
|
\versionadded{2.4}
|
|
|
|
|
2004-05-31 15:22:40 -03:00
|
|
|
\modulesynopsis{Cookie handling for HTTP clients}
|
|
|
|
|
|
|
|
The \module{cookielib} module defines classes for automatic handling
|
|
|
|
of HTTP cookies. It is useful for accessing web sites that require
|
|
|
|
small pieces of data -- \dfn{cookies} -- to be set on the client
|
|
|
|
machine by an HTTP response from a web server, and then returned to
|
|
|
|
the server in later HTTP requests.
|
|
|
|
|
|
|
|
Both the regular Netscape cookie protocol and the protocol defined by
|
|
|
|
\rfc{2965} are handled. RFC 2965 handling is switched off by default.
|
|
|
|
\rfc{2109} cookies are parsed as Netscape cookies and subsequently
|
2005-12-23 17:43:48 -04:00
|
|
|
treated either as Netscape or RFC 2965 cookies according to the
|
|
|
|
'policy' in effect. Note that the great majority of cookies on the
|
|
|
|
Internet are Netscape cookies. \module{cookielib} attempts to follow
|
|
|
|
the de-facto Netscape cookie protocol (which differs substantially
|
|
|
|
from that set out in the original Netscape specification), including
|
|
|
|
taking note of the \code{max-age} and \code{port} cookie-attributes
|
2006-07-07 05:15:12 -03:00
|
|
|
introduced with RFC 2965. \note{The various named parameters found in
|
2005-12-23 17:43:48 -04:00
|
|
|
\mailheader{Set-Cookie} and \mailheader{Set-Cookie2} headers
|
|
|
|
(eg. \code{domain} and \code{expires}) are conventionally referred to
|
|
|
|
as \dfn{attributes}. To distinguish them from Python attributes, the
|
|
|
|
documentation for this module uses the term \dfn{cookie-attribute}
|
|
|
|
instead}.
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
|
|
|
|
The module defines the following exception:
|
|
|
|
|
|
|
|
\begin{excdesc}{LoadError}
|
|
|
|
Instances of \class{FileCookieJar} raise this exception on failure to
|
2006-01-02 22:12:20 -04:00
|
|
|
load cookies from a file. \note{For backwards-compatibility
|
|
|
|
with Python 2.4 (which raised an \exception{IOError}),
|
|
|
|
\exception{LoadError} is a subclass of \exception{IOError}}.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{excdesc}
|
|
|
|
|
|
|
|
|
|
|
|
The following classes are provided:
|
|
|
|
|
|
|
|
\begin{classdesc}{CookieJar}{policy=\constant{None}}
|
|
|
|
\var{policy} is an object implementing the \class{CookiePolicy}
|
|
|
|
interface.
|
|
|
|
|
|
|
|
The \class{CookieJar} class stores HTTP cookies. It extracts cookies
|
|
|
|
from HTTP requests, and returns them in HTTP responses.
|
|
|
|
\class{CookieJar} instances automatically expire contained cookies
|
|
|
|
when necessary. Subclasses are also responsible for storing and
|
|
|
|
retrieving cookies from a file or database.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
\begin{classdesc}{FileCookieJar}{filename, delayload=\constant{None},
|
|
|
|
policy=\constant{None}}
|
|
|
|
\var{policy} is an object implementing the \class{CookiePolicy}
|
|
|
|
interface. For the other arguments, see the documentation for the
|
|
|
|
corresponding attributes.
|
|
|
|
|
|
|
|
A \class{CookieJar} which can load cookies from, and perhaps save
|
|
|
|
cookies to, a file on disk. Cookies are \strong{NOT} loaded from the
|
|
|
|
named file until either the \method{load()} or \method{revert()}
|
|
|
|
method is called. Subclasses of this class are documented in section
|
|
|
|
\ref{file-cookie-jar-classes}.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
\begin{classdesc}{CookiePolicy}{}
|
|
|
|
This class is responsible for deciding whether each cookie should be
|
|
|
|
accepted from / returned to the server.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
\begin{classdesc}{DefaultCookiePolicy}{
|
|
|
|
blocked_domains=\constant{None},
|
|
|
|
allowed_domains=\constant{None},
|
|
|
|
netscape=\constant{True}, rfc2965=\constant{False},
|
2005-12-23 17:43:48 -04:00
|
|
|
rfc2109_as_netscape=\constant{None},
|
2004-05-31 15:22:40 -03:00
|
|
|
hide_cookie2=\constant{False},
|
|
|
|
strict_domain=\constant{False},
|
|
|
|
strict_rfc2965_unverifiable=\constant{True},
|
|
|
|
strict_ns_unverifiable=\constant{False},
|
|
|
|
strict_ns_domain=\constant{DefaultCookiePolicy.DomainLiberal},
|
|
|
|
strict_ns_set_initial_dollar=\constant{False},
|
|
|
|
strict_ns_set_path=\constant{False}
|
|
|
|
}
|
|
|
|
|
|
|
|
Constructor arguments should be passed as keyword arguments only.
|
|
|
|
\var{blocked_domains} is a sequence of domain names that we never
|
|
|
|
accept cookies from, nor return cookies to. \var{allowed_domains} if
|
|
|
|
not \constant{None}, this is a sequence of the only domains for which
|
|
|
|
we accept and return cookies. For all other arguments, see the
|
|
|
|
documentation for \class{CookiePolicy} and \class{DefaultCookiePolicy}
|
|
|
|
objects.
|
|
|
|
|
|
|
|
\class{DefaultCookiePolicy} implements the standard accept / reject
|
2005-12-23 17:43:48 -04:00
|
|
|
rules for Netscape and RFC 2965 cookies. By default, RFC 2109 cookies
|
2004-05-31 15:22:40 -03:00
|
|
|
(ie. cookies received in a \mailheader{Set-Cookie} header with a
|
|
|
|
version cookie-attribute of 1) are treated according to the RFC 2965
|
2005-12-23 17:43:48 -04:00
|
|
|
rules. However, if RFC 2965 handling is turned off or
|
|
|
|
\member{rfc2109_as_netscape} is True, RFC 2109 cookies are
|
|
|
|
'downgraded' by the \class{CookieJar} instance to Netscape cookies, by
|
|
|
|
setting the \member{version} attribute of the \class{Cookie} instance
|
|
|
|
to 0. \class{DefaultCookiePolicy} also provides some parameters to
|
2004-05-31 15:22:40 -03:00
|
|
|
allow some fine-tuning of policy.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
\begin{classdesc}{Cookie}{}
|
|
|
|
This class represents Netscape, RFC 2109 and RFC 2965 cookies. It is
|
|
|
|
not expected that users of \module{cookielib} construct their own
|
|
|
|
\class{Cookie} instances. Instead, if necessary, call
|
|
|
|
\method{make_cookies()} on a \class{CookieJar} instance.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
\begin{seealso}
|
|
|
|
|
|
|
|
\seemodule{urllib2}{URL opening with automatic cookie handling.}
|
|
|
|
|
|
|
|
\seemodule{Cookie}{HTTP cookie classes, principally useful for
|
|
|
|
server-side code. The \module{cookielib} and \module{Cookie} modules
|
|
|
|
do not depend on each other.}
|
|
|
|
|
|
|
|
\seeurl{http://wwwsearch.sf.net/ClientCookie/}{Extensions to this
|
|
|
|
module, including a class for reading Microsoft Internet Explorer
|
|
|
|
cookies on Windows.}
|
|
|
|
|
|
|
|
\seeurl{http://www.netscape.com/newsref/std/cookie_spec.html}{The
|
|
|
|
specification of the original Netscape cookie protocol. Though this
|
|
|
|
is still the dominant protocol, the 'Netscape cookie protocol'
|
|
|
|
implemented by all the major browsers (and \module{cookielib}) only
|
|
|
|
bears a passing resemblance to the one sketched out in
|
|
|
|
\code{cookie_spec.html}.}
|
|
|
|
|
|
|
|
\seerfc{2109}{HTTP State Management Mechanism}{Obsoleted by RFC 2965.
|
|
|
|
Uses \mailheader{Set-Cookie} with version=1.}
|
|
|
|
|
|
|
|
\seerfc{2965}{HTTP State Management Mechanism}{The Netscape protocol
|
|
|
|
with the bugs fixed. Uses \mailheader{Set-Cookie2} in place of
|
|
|
|
\mailheader{Set-Cookie}. Not widely used.}
|
|
|
|
|
|
|
|
\seeurl{http://kristol.org/cookie/errata.html}{Unfinished errata to
|
|
|
|
RFC 2965.}
|
|
|
|
|
|
|
|
\seerfc{2964}{Use of HTTP State Management}{}
|
|
|
|
|
|
|
|
\end{seealso}
|
|
|
|
|
|
|
|
|
|
|
|
\subsection{CookieJar and FileCookieJar Objects \label{cookie-jar-objects}}
|
|
|
|
|
2004-07-10 15:41:28 -03:00
|
|
|
\class{CookieJar} objects support the iterator protocol for iterating
|
|
|
|
over contained \class{Cookie} objects.
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
\class{CookieJar} has the following methods:
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{add_cookie_header}{request}
|
|
|
|
Add correct \mailheader{Cookie} header to \var{request}.
|
|
|
|
|
2004-07-10 15:41:28 -03:00
|
|
|
If policy allows (ie. the \member{rfc2965} and \member{hide_cookie2}
|
|
|
|
attributes of the \class{CookieJar}'s \class{CookiePolicy} instance
|
|
|
|
are true and false respectively), the \mailheader{Cookie2} header is
|
|
|
|
also added when appropriate.
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
The \var{request} object (usually a \class{urllib2.Request} instance)
|
|
|
|
must support the methods \method{get_full_url()}, \method{get_host()},
|
|
|
|
\method{get_type()}, \method{unverifiable()},
|
|
|
|
\method{get_origin_req_host()}, \method{has_header()},
|
|
|
|
\method{get_header()}, \method{header_items()}, and
|
|
|
|
\method{add_unredirected_header()},as documented by \module{urllib2}.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{extract_cookies}{response, request}
|
|
|
|
Extract cookies from HTTP \var{response} and store them in the
|
|
|
|
\class{CookieJar}, where allowed by policy.
|
|
|
|
|
|
|
|
The \class{CookieJar} will look for allowable \mailheader{Set-Cookie}
|
|
|
|
and \mailheader{Set-Cookie2} headers in the \var{response} argument,
|
|
|
|
and store cookies as appropriate (subject to the
|
|
|
|
\method{CookiePolicy.set_ok()} method's approval).
|
|
|
|
|
|
|
|
The \var{response} object (usually the result of a call to
|
|
|
|
\method{urllib2.urlopen()}, or similar) should support an
|
|
|
|
\method{info()} method, which returns an object with a
|
|
|
|
\method{getallmatchingheaders()} method (usually a
|
|
|
|
\class{mimetools.Message} instance).
|
|
|
|
|
|
|
|
The \var{request} object (usually a \class{urllib2.Request} instance)
|
|
|
|
must support the methods \method{get_full_url()}, \method{get_host()},
|
|
|
|
\method{unverifiable()}, and \method{get_origin_req_host()}, as
|
|
|
|
documented by \module{urllib2}. The request is used to set default
|
|
|
|
values for cookie-attributes as well as for checking that the cookie
|
|
|
|
is allowed to be set.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{set_policy}{policy}
|
|
|
|
Set the \class{CookiePolicy} instance to be used.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{make_cookies}{response, request}
|
|
|
|
Return sequence of \class{Cookie} objects extracted from
|
|
|
|
\var{response} object.
|
|
|
|
|
|
|
|
See the documentation for \method{extract_cookies} for the interfaces
|
|
|
|
required of the \var{response} and \var{request} arguments.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{set_cookie_if_ok}{cookie, request}
|
|
|
|
Set a \class{Cookie} if policy says it's OK to do so.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{set_cookie}{cookie}
|
|
|
|
Set a \class{Cookie}, without checking with policy to see whether or
|
|
|
|
not it should be set.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{clear}{\optional{domain\optional{,
|
|
|
|
path\optional{, name}}}}
|
|
|
|
Clear some cookies.
|
|
|
|
|
|
|
|
If invoked without arguments, clear all cookies. If given a single
|
|
|
|
argument, only cookies belonging to that \var{domain} will be removed.
|
|
|
|
If given two arguments, cookies belonging to the specified
|
|
|
|
\var{domain} and URL \var{path} are removed. If given three
|
|
|
|
arguments, then the cookie with the specified \var{domain}, \var{path}
|
|
|
|
and \var{name} is removed.
|
|
|
|
|
|
|
|
Raises \exception{KeyError} if no matching cookie exists.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookieJar]{clear_session_cookies}{}
|
|
|
|
Discard all session cookies.
|
|
|
|
|
|
|
|
Discards all contained cookies that have a true \member{discard}
|
|
|
|
attribute (usually because they had either no \code{max-age} or
|
|
|
|
\code{expires} cookie-attribute, or an explicit \code{discard}
|
|
|
|
cookie-attribute). For interactive browsers, the end of a session
|
|
|
|
usually corresponds to closing the browser window.
|
|
|
|
|
|
|
|
Note that the \method{save()} method won't save session cookies
|
|
|
|
anyway, unless you ask otherwise by passing a true
|
|
|
|
\var{ignore_discard} argument.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\class{FileCookieJar} implements the following additional methods:
|
|
|
|
|
|
|
|
\begin{methoddesc}[FileCookieJar]{save}{filename=\constant{None},
|
|
|
|
ignore_discard=\constant{False}, ignore_expires=\constant{False}}
|
|
|
|
Save cookies to a file.
|
|
|
|
|
2006-03-17 12:26:31 -04:00
|
|
|
This base class raises \exception{NotImplementedError}. Subclasses may
|
2004-05-31 15:22:40 -03:00
|
|
|
leave this method unimplemented.
|
|
|
|
|
|
|
|
\var{filename} is the name of file in which to save cookies. If
|
|
|
|
\var{filename} is not specified, \member{self.filename} is used (whose
|
|
|
|
default is the value passed to the constructor, if any); if
|
|
|
|
\member{self.filename} is \constant{None}, \exception{ValueError} is
|
|
|
|
raised.
|
|
|
|
|
|
|
|
\var{ignore_discard}: save even cookies set to be discarded.
|
|
|
|
\var{ignore_expires}: save even cookies that have expired
|
|
|
|
|
|
|
|
The file is overwritten if it already exists, thus wiping all the
|
|
|
|
cookies it contains. Saved cookies can be restored later using the
|
|
|
|
\method{load()} or \method{revert()} methods.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[FileCookieJar]{load}{filename=\constant{None},
|
|
|
|
ignore_discard=\constant{False}, ignore_expires=\constant{False}}
|
|
|
|
Load cookies from a file.
|
|
|
|
|
|
|
|
Old cookies are kept unless overwritten by newly loaded ones.
|
|
|
|
|
|
|
|
Arguments are as for \method{save()}.
|
|
|
|
|
|
|
|
The named file must be in the format understood by the class, or
|
2006-01-02 22:12:20 -04:00
|
|
|
\exception{LoadError} will be raised. Also, \exception{IOError} may
|
|
|
|
be raised, for example if the file does not exist. \note{For
|
|
|
|
backwards-compatibility with Python 2.4 (which raised
|
|
|
|
an \exception{IOError}), \exception{LoadError} is a subclass
|
|
|
|
of \exception{IOError}.}
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[FileCookieJar]{revert}{filename=\constant{None},
|
|
|
|
ignore_discard=\constant{False}, ignore_expires=\constant{False}}
|
|
|
|
Clear all cookies and reload cookies from a saved file.
|
|
|
|
|
2006-01-02 22:12:20 -04:00
|
|
|
\method{revert()} can raise the same exceptions as \method{load()}.
|
|
|
|
If there is a failure, the object's state will not be altered.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\class{FileCookieJar} instances have the following public attributes:
|
|
|
|
|
|
|
|
\begin{memberdesc}{filename}
|
2004-07-10 15:41:28 -03:00
|
|
|
Filename of default file in which to keep cookies. This attribute may
|
|
|
|
be assigned to.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
\begin{memberdesc}{delayload}
|
2004-07-10 15:41:28 -03:00
|
|
|
If true, load cookies lazily from disk. This attribute should not be
|
|
|
|
assigned to. This is only a hint, since this only affects
|
|
|
|
performance, not behaviour (unless the cookies on disk are changing).
|
|
|
|
A \class{CookieJar} object may ignore it. None of the
|
|
|
|
\class{FileCookieJar} classes included in the standard library lazily
|
|
|
|
loads cookies.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
|
|
|
|
\subsection{FileCookieJar subclasses and co-operation with web browsers
|
|
|
|
\label{file-cookie-jar-classes}}
|
|
|
|
|
|
|
|
The following \class{CookieJar} subclasses are provided for reading
|
|
|
|
and writing . Further \class{CookieJar} subclasses, including one
|
|
|
|
that reads Microsoft Internet Explorer cookies, are available at
|
|
|
|
\url{http://wwwsearch.sf.net/ClientCookie/}.
|
|
|
|
|
|
|
|
\begin{classdesc}{MozillaCookieJar}{filename, delayload=\constant{None},
|
|
|
|
policy=\constant{None}}
|
|
|
|
A \class{FileCookieJar} that can load from and save cookies to disk in
|
|
|
|
the Mozilla \code{cookies.txt} file format (which is also used by the
|
2004-07-10 15:41:28 -03:00
|
|
|
Lynx and Netscape browsers). \note{This loses information about RFC
|
2004-05-31 15:22:40 -03:00
|
|
|
2965 cookies, and also about newer or non-standard cookie-attributes
|
|
|
|
such as \code{port}.}
|
|
|
|
|
|
|
|
\warning{Back up your cookies before saving if you have cookies whose
|
|
|
|
loss / corruption would be inconvenient (there are some subtleties
|
|
|
|
which may lead to slight changes in the file over a load / save
|
|
|
|
round-trip).}
|
|
|
|
|
|
|
|
Also note that cookies saved while Mozilla is running will get
|
|
|
|
clobbered by Mozilla.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
\begin{classdesc}{LWPCookieJar}{filename, delayload=\constant{None},
|
|
|
|
policy=\constant{None}}
|
|
|
|
A \class{FileCookieJar} that can load from and save cookies to disk in
|
|
|
|
format compatible with the libwww-perl library's \code{Set-Cookie3}
|
|
|
|
file format. This is convenient if you want to store cookies in a
|
|
|
|
human-readable file.
|
|
|
|
\end{classdesc}
|
|
|
|
|
|
|
|
|
|
|
|
\subsection{CookiePolicy Objects \label{cookie-policy-objects}}
|
|
|
|
|
|
|
|
Objects implementing the \class{CookiePolicy} interface have the
|
|
|
|
following methods:
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookiePolicy]{set_ok}{cookie, request}
|
|
|
|
Return boolean value indicating whether cookie should be accepted from server.
|
|
|
|
|
|
|
|
\var{cookie} is a \class{cookielib.Cookie} instance. \var{request} is
|
|
|
|
an object implementing the interface defined by the documentation for
|
|
|
|
\method{CookieJar.extract_cookies()}.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookiePolicy]{return_ok}{cookie, request}
|
|
|
|
Return boolean value indicating whether cookie should be returned to server.
|
|
|
|
|
|
|
|
\var{cookie} is a \class{cookielib.Cookie} instance. \var{request} is
|
|
|
|
an object implementing the interface defined by the documentation for
|
|
|
|
\method{CookieJar.add_cookie_header()}.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookiePolicy]{domain_return_ok}{domain, request}
|
|
|
|
Return false if cookies should not be returned, given cookie domain.
|
|
|
|
|
|
|
|
This method is an optimization. It removes the need for checking
|
|
|
|
every cookie with a particular domain (which might involve reading
|
2004-07-10 15:41:28 -03:00
|
|
|
many files). Returning true from \method{domain_return_ok()} and
|
|
|
|
\method{path_return_ok()} leaves all the work to \method{return_ok()}.
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
If \method{domain_return_ok()} returns true for the cookie domain,
|
|
|
|
\method{path_return_ok()} is called for the cookie path. Otherwise,
|
|
|
|
\method{path_return_ok()} and \method{return_ok()} are never called
|
|
|
|
for that cookie domain. If \method{path_return_ok()} returns true,
|
|
|
|
\method{return_ok()} is called with the \class{Cookie} object itself
|
|
|
|
for a full check. Otherwise, \method{return_ok()} is never called for
|
|
|
|
that cookie path.
|
|
|
|
|
|
|
|
Note that \method{domain_return_ok()} is called for every
|
|
|
|
\emph{cookie} domain, not just for the \emph{request} domain. For
|
|
|
|
example, the function might be called with both \code{".example.com"}
|
|
|
|
and \code{"www.example.com"} if the request domain is
|
|
|
|
\code{"www.example.com"}. The same goes for
|
|
|
|
\method{path_return_ok()}.
|
|
|
|
|
|
|
|
The \var{request} argument is as documented for \method{return_ok()}.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[CookiePolicy]{path_return_ok}{path, request}
|
|
|
|
Return false if cookies should not be returned, given cookie path.
|
|
|
|
|
|
|
|
See the documentation for \method{domain_return_ok()}.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
|
|
|
|
In addition to implementing the methods above, implementations of the
|
|
|
|
\class{CookiePolicy} interface must also supply the following
|
|
|
|
attributes, indicating which protocols should be used, and how. All
|
|
|
|
of these attributes may be assigned to.
|
|
|
|
|
|
|
|
\begin{memberdesc}{netscape}
|
2004-07-10 15:41:28 -03:00
|
|
|
Implement Netscape protocol.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{rfc2965}
|
|
|
|
Implement RFC 2965 protocol.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{hide_cookie2}
|
2004-07-10 15:41:28 -03:00
|
|
|
Don't add \mailheader{Cookie2} header to requests (the presence of
|
|
|
|
this header indicates to the server that we understand RFC 2965
|
|
|
|
cookies).
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
The most useful way to define a \class{CookiePolicy} class is by
|
|
|
|
subclassing from \class{DefaultCookiePolicy} and overriding some or
|
|
|
|
all of the methods above. \class{CookiePolicy} itself may be used as
|
2004-07-10 15:41:28 -03:00
|
|
|
a 'null policy' to allow setting and receiving any and all cookies
|
|
|
|
(this is unlikely to be useful).
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
|
|
|
|
\subsection{DefaultCookiePolicy Objects \label{default-cookie-policy-objects}}
|
|
|
|
|
|
|
|
Implements the standard rules for accepting and returning cookies.
|
|
|
|
|
|
|
|
Both RFC 2965 and Netscape cookies are covered. RFC 2965 handling is
|
|
|
|
switched off by default.
|
|
|
|
|
|
|
|
The easiest way to provide your own policy is to override this class
|
2004-12-31 20:28:46 -04:00
|
|
|
and call its methods in your overridden implementations before adding
|
2004-05-31 15:22:40 -03:00
|
|
|
your own additional checks:
|
|
|
|
|
|
|
|
\begin{verbatim}
|
|
|
|
import cookielib
|
|
|
|
class MyCookiePolicy(cookielib.DefaultCookiePolicy):
|
|
|
|
def set_ok(self, cookie, request):
|
|
|
|
if not cookielib.DefaultCookiePolicy.set_ok(self, cookie, request):
|
|
|
|
return False
|
|
|
|
if i_dont_want_to_store_this_cookie(cookie):
|
|
|
|
return False
|
|
|
|
return True
|
|
|
|
\end{verbatim}
|
|
|
|
|
|
|
|
In addition to the features required to implement the
|
|
|
|
\class{CookiePolicy} interface, this class allows you to block and
|
|
|
|
allow domains from setting and receiving cookies. There are also some
|
|
|
|
strictness switches that allow you to tighten up the rather loose
|
|
|
|
Netscape protocol rules a little bit (at the cost of blocking some
|
|
|
|
benign cookies).
|
|
|
|
|
|
|
|
A domain blacklist and whitelist is provided (both off by default).
|
|
|
|
Only domains not in the blacklist and present in the whitelist (if the
|
|
|
|
whitelist is active) participate in cookie setting and returning. Use
|
|
|
|
the \var{blocked_domains} constructor argument, and
|
|
|
|
\method{blocked_domains()} and \method{set_blocked_domains()} methods
|
|
|
|
(and the corresponding argument and methods for
|
|
|
|
\var{allowed_domains}). If you set a whitelist, you can turn it off
|
|
|
|
again by setting it to \constant{None}.
|
|
|
|
|
2004-07-10 15:41:28 -03:00
|
|
|
Domains in block or allow lists that do not start with a dot must
|
|
|
|
equal the cookie domain to be matched. For example,
|
|
|
|
\code{"example.com"} matches a blacklist entry of
|
2004-05-31 15:22:40 -03:00
|
|
|
\code{"example.com"}, but \code{"www.example.com"} does not. Domains
|
|
|
|
that do start with a dot are matched by more specific domains too.
|
|
|
|
For example, both \code{"www.example.com"} and
|
|
|
|
\code{"www.coyote.example.com"} match \code{".example.com"} (but
|
|
|
|
\code{"example.com"} itself does not). IP addresses are an exception,
|
|
|
|
and must match exactly. For example, if blocked_domains contains
|
|
|
|
\code{"192.168.1.2"} and \code{".168.1.2"}, 192.168.1.2 is blocked,
|
|
|
|
but 193.168.1.2 is not.
|
|
|
|
|
|
|
|
\class{DefaultCookiePolicy} implements the following additional
|
|
|
|
methods:
|
|
|
|
|
|
|
|
\begin{methoddesc}[DefaultCookiePolicy]{blocked_domains}{}
|
|
|
|
Return the sequence of blocked domains (as a tuple).
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[DefaultCookiePolicy]{set_blocked_domains}
|
|
|
|
{blocked_domains}
|
|
|
|
Set the sequence of blocked domains.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[DefaultCookiePolicy]{is_blocked}{domain}
|
|
|
|
Return whether \var{domain} is on the blacklist for setting or
|
|
|
|
receiving cookies.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[DefaultCookiePolicy]{allowed_domains}{}
|
|
|
|
Return \constant{None}, or the sequence of allowed domains (as a tuple).
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[DefaultCookiePolicy]{set_allowed_domains}
|
|
|
|
{allowed_domains}
|
|
|
|
Set the sequence of allowed domains, or \constant{None}.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\begin{methoddesc}[DefaultCookiePolicy]{is_not_allowed}{domain}
|
|
|
|
Return whether \var{domain} is not on the whitelist for setting or
|
|
|
|
receiving cookies.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
\class{DefaultCookiePolicy} instances have the following attributes,
|
|
|
|
which are all initialised from the constructor arguments of the same
|
|
|
|
name, and which may all be assigned to.
|
|
|
|
|
2005-12-23 17:43:48 -04:00
|
|
|
\begin{memberdesc}{rfc2109_as_netscape}
|
|
|
|
If true, request that the \class{CookieJar} instance downgrade RFC
|
|
|
|
2109 cookies (ie. cookies received in a \mailheader{Set-Cookie} header
|
|
|
|
with a version cookie-attribute of 1) to Netscape cookies by setting
|
|
|
|
the version attribute of the \class{Cookie} instance to 0. The
|
|
|
|
default value is \constant{None}, in which case RFC 2109 cookies are
|
|
|
|
downgraded if and only if RFC 2965 handling is turned off. Therefore,
|
|
|
|
RFC 2109 cookies are downgraded by default.
|
|
|
|
\versionadded{2.5}
|
|
|
|
\end{memberdesc}
|
|
|
|
|
2004-05-31 15:22:40 -03:00
|
|
|
General strictness switches:
|
|
|
|
|
|
|
|
\begin{memberdesc}{strict_domain}
|
|
|
|
Don't allow sites to set two-component domains with country-code
|
|
|
|
top-level domains like \code{.co.uk}, \code{.gov.uk},
|
|
|
|
\code{.co.nz}.etc. This is far from perfect and isn't guaranteed to
|
|
|
|
work!
|
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
RFC 2965 protocol strictness switches:
|
|
|
|
|
|
|
|
\begin{memberdesc}{strict_rfc2965_unverifiable}
|
|
|
|
Follow RFC 2965 rules on unverifiable transactions (usually, an
|
|
|
|
unverifiable transaction is one resulting from a redirect or a request
|
|
|
|
for an image hosted on another site). If this is false, cookies are
|
|
|
|
\emph{never} blocked on the basis of verifiability
|
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
Netscape protocol strictness switches:
|
|
|
|
|
|
|
|
\begin{memberdesc}{strict_ns_unverifiable}
|
|
|
|
apply RFC 2965 rules on unverifiable transactions even to Netscape
|
|
|
|
cookies
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{strict_ns_domain}
|
|
|
|
Flags indicating how strict to be with domain-matching rules for
|
|
|
|
Netscape cookies. See below for acceptable values.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{strict_ns_set_initial_dollar}
|
|
|
|
Ignore cookies in Set-Cookie: headers that have names starting with
|
|
|
|
\code{'\$'}.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{strict_ns_set_path}
|
|
|
|
Don't allow setting cookies whose path doesn't path-match request URI.
|
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
\member{strict_ns_domain} is a collection of flags. Its value is
|
|
|
|
constructed by or-ing together (for example,
|
|
|
|
\code{DomainStrictNoDots|DomainStrictNonDomain} means both flags are
|
|
|
|
set).
|
|
|
|
|
|
|
|
\begin{memberdesc}{DomainStrictNoDots}
|
|
|
|
When setting cookies, the 'host prefix' must not contain a dot
|
|
|
|
(eg. \code{www.foo.bar.com} can't set a cookie for \code{.bar.com},
|
|
|
|
because \code{www.foo} contains a dot).
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{DomainStrictNonDomain}
|
|
|
|
Cookies that did not explicitly specify a \code{domain}
|
2004-07-10 15:41:28 -03:00
|
|
|
cookie-attribute can only be returned to a domain equal to the domain
|
|
|
|
that set the cookie (eg. \code{spam.example.com} won't be returned
|
|
|
|
cookies from \code{example.com} that had no \code{domain}
|
|
|
|
cookie-attribute).
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{DomainRFC2965Match}
|
|
|
|
When setting cookies, require a full RFC 2965 domain-match.
|
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
The following attributes are provided for convenience, and are the
|
|
|
|
most useful combinations of the above flags:
|
|
|
|
|
|
|
|
\begin{memberdesc}{DomainLiberal}
|
|
|
|
Equivalent to 0 (ie. all of the above Netscape domain strictness flags
|
|
|
|
switched off).
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}{DomainStrict}
|
|
|
|
Equivalent to \code{DomainStrictNoDots|DomainStrictNonDomain}.
|
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
|
2006-01-04 17:05:07 -04:00
|
|
|
\subsection{Cookie Objects \label{cookie-objects}}
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
\class{Cookie} instances have Python attributes roughly corresponding
|
|
|
|
to the standard cookie-attributes specified in the various cookie
|
|
|
|
standards. The correspondence is not one-to-one, because there are
|
2005-12-23 17:43:48 -04:00
|
|
|
complicated rules for assigning default values, because the
|
2004-05-31 15:22:40 -03:00
|
|
|
\code{max-age} and \code{expires} cookie-attributes contain equivalent
|
2005-12-23 17:43:48 -04:00
|
|
|
information, and because RFC 2109 cookies may be 'downgraded' by
|
|
|
|
\module{cookielib} from version 1 to version 0 (Netscape) cookies.
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
Assignment to these attributes should not be necessary other than in
|
|
|
|
rare circumstances in a \class{CookiePolicy} method. The class does
|
|
|
|
not enforce internal consistency, so you should know what you're
|
|
|
|
doing if you do that.
|
|
|
|
|
|
|
|
\begin{memberdesc}[Cookie]{version}
|
2005-12-23 17:43:48 -04:00
|
|
|
Integer or \constant{None}. Netscape cookies have \member{version} 0.
|
|
|
|
RFC 2965 and RFC 2109 cookies have a \code{version} cookie-attribute
|
|
|
|
of 1. However, note that \module{cookielib} may 'downgrade' RFC 2109
|
|
|
|
cookies to Netscape cookies, in which case \member{version} is 0.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{name}
|
2004-07-10 15:41:28 -03:00
|
|
|
Cookie name (a string).
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{value}
|
2004-07-10 15:41:28 -03:00
|
|
|
Cookie value (a string), or \constant{None}.
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{port}
|
|
|
|
String representing a port or a set of ports (eg. '80', or '80,8080'),
|
|
|
|
or \constant{None}.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{path}
|
2004-07-10 15:41:28 -03:00
|
|
|
Cookie path (a string, eg. \code{'/acme/rocket_launchers'}).
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{secure}
|
|
|
|
True if cookie should only be returned over a secure connection.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{expires}
|
|
|
|
Integer expiry date in seconds since epoch, or \constant{None}. See
|
|
|
|
also the \method{is_expired()} method.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{discard}
|
|
|
|
True if this is a session cookie.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{comment}
|
|
|
|
String comment from the server explaining the function of this cookie,
|
|
|
|
or \constant{None}.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{comment_url}
|
|
|
|
URL linking to a comment from the server explaining the function of
|
|
|
|
this cookie, or \constant{None}.
|
|
|
|
\end{memberdesc}
|
2005-12-23 17:43:48 -04:00
|
|
|
\begin{memberdesc}[Cookie]{rfc2109}
|
|
|
|
True if this cookie was received as an RFC 2109 cookie (ie. the cookie
|
|
|
|
arrived in a \mailheader{Set-Cookie} header, and the value of the
|
|
|
|
Version cookie-attribute in that header was 1). This attribute is
|
|
|
|
provided because \module{cookielib} may 'downgrade' RFC 2109 cookies
|
|
|
|
to Netscape cookies, in which case \member{version} is 0.
|
|
|
|
\versionadded{2.5}
|
|
|
|
\end{memberdesc}
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
\begin{memberdesc}[Cookie]{port_specified}
|
|
|
|
True if a port or set of ports was explicitly specified by the server
|
|
|
|
(in the \mailheader{Set-Cookie} / \mailheader{Set-Cookie2} header).
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{domain_specified}
|
|
|
|
True if a domain was explicitly specified by the server.
|
|
|
|
\end{memberdesc}
|
|
|
|
\begin{memberdesc}[Cookie]{domain_initial_dot}
|
|
|
|
True if the domain explicitly specified by the server began with a
|
2004-07-10 15:41:28 -03:00
|
|
|
dot (\code{'.'}).
|
2004-05-31 15:22:40 -03:00
|
|
|
\end{memberdesc}
|
|
|
|
|
|
|
|
Cookies may have additional non-standard cookie-attributes. These may
|
|
|
|
be accessed using the following methods:
|
|
|
|
|
|
|
|
\begin{methoddesc}[Cookie]{has_nonstandard_attr}{name}
|
|
|
|
Return true if cookie has the named cookie-attribute.
|
|
|
|
\end{methoddesc}
|
|
|
|
\begin{methoddesc}[Cookie]{get_nonstandard_attr}{name, default=\constant{None}}
|
|
|
|
If cookie has the named cookie-attribute, return its value.
|
|
|
|
Otherwise, return \var{default}.
|
|
|
|
\end{methoddesc}
|
|
|
|
\begin{methoddesc}[Cookie]{set_nonstandard_attr}{name, value}
|
|
|
|
Set the value of the named cookie-attribute.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
The \class{Cookie} class also defines the following method:
|
|
|
|
|
|
|
|
\begin{methoddesc}[Cookie]{is_expired}{\optional{now=\constant{None}}}
|
|
|
|
True if cookie has passed the time at which the server requested it
|
|
|
|
should expire. If \var{now} is given (in seconds since the epoch),
|
|
|
|
return whether the cookie has expired at the specified time.
|
|
|
|
\end{methoddesc}
|
|
|
|
|
|
|
|
|
|
|
|
\subsection{Examples \label{cookielib-examples}}
|
|
|
|
|
|
|
|
The first example shows the most common usage of \module{cookielib}:
|
|
|
|
|
|
|
|
\begin{verbatim}
|
|
|
|
import cookielib, urllib2
|
|
|
|
cj = cookielib.CookieJar()
|
|
|
|
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
|
|
|
|
r = opener.open("http://example.com/")
|
|
|
|
\end{verbatim}
|
|
|
|
|
|
|
|
This example illustrates how to open a URL using your Netscape,
|
2004-07-10 15:41:28 -03:00
|
|
|
Mozilla, or Lynx cookies (assumes \UNIX{}/Netscape convention for
|
|
|
|
location of the cookies file):
|
2004-05-31 15:22:40 -03:00
|
|
|
|
|
|
|
\begin{verbatim}
|
|
|
|
import os, cookielib, urllib2
|
|
|
|
cj = cookielib.MozillaCookieJar()
|
2004-07-10 15:41:28 -03:00
|
|
|
cj.load(os.path.join(os.environ["HOME"], ".netscape/cookies.txt"))
|
2004-05-31 15:22:40 -03:00
|
|
|
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
|
|
|
|
r = opener.open("http://example.com/")
|
|
|
|
\end{verbatim}
|
|
|
|
|
|
|
|
The next example illustrates the use of \class{DefaultCookiePolicy}.
|
|
|
|
Turn on RFC 2965 cookies, be more strict about domains when setting
|
|
|
|
and returning Netscape cookies, and block some domains from setting
|
|
|
|
cookies or having them returned:
|
|
|
|
|
|
|
|
\begin{verbatim}
|
|
|
|
import urllib2
|
2004-07-10 15:41:28 -03:00
|
|
|
from cookielib import CookieJar, DefaultCookiePolicy
|
|
|
|
policy = DefaultCookiePolicy(
|
|
|
|
rfc2965=True, strict_ns_domain=Policy.DomainStrict,
|
|
|
|
blocked_domains=["ads.net", ".ads.net"])
|
2004-05-31 15:22:40 -03:00
|
|
|
cj = CookieJar(policy)
|
|
|
|
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
|
|
|
|
r = opener.open("http://example.com/")
|
|
|
|
\end{verbatim}
|