PyMOTW-3http.cookies — HTTP Cookies¶
| Purpose: | Defines classes for parsing and creating HTTP cookie headers. |
|---|
The http.cookies module implements a parser for cookies that is
mostly RFC 2109 compliant. The implementation is a little less
strict than the standard because MSIE 3.0x does not support the entire
standard.
Creating and Setting a Cookie¶
Cookies are used as state management for browser-based application, and as such are usually set by the server to be stored and returned by the client. The most trivial example of creating a cookie sets a single name-value pair.
from http import cookies
c = cookies.SimpleCookie()
c['mycookie'] = 'cookie_value'
print(c)
The output is a valid Set-Cookie header ready to be passed to the
client as part of the HTTP response.
$ python3 http_cookies_setheaders.py
Set-Cookie: mycookie=cookie_value
Morsels¶
It is also possible to control the other aspects of a cookie, such as
the expiration, path, and domain. In fact, all of the RFC attributes
for cookies can be managed through the Morsel object
representing the cookie value.
from http import cookies
import datetime
def show_cookie(c):
print(c)
for key, morsel in c.items():
print()
print('key =', morsel.key)
print(' value =', morsel.value)
print(' coded_value =', morsel.coded_value)
for name in morsel.keys():
if morsel[name]:
print(' {} = {}'.format(name, morsel[name]))
c = cookies.SimpleCookie()
# A cookie with a value that has to be encoded
# to fit into the header
c['encoded_value_cookie'] = '"cookie,value;"'
c['encoded_value_cookie']['comment'] = 'Has escaped punctuation'
# A cookie that only applies to part of a site
c['restricted_cookie'] = 'cookie_value'
c['restricted_cookie']['path'] = '/sub/path'
c['restricted_cookie']['domain'] = 'PyMOTW'
c['restricted_cookie']['secure'] = True
# A cookie that expires in 5 minutes
c['with_max_age'] = 'expires in 5 minutes'
c['with_max_age']['max-age'] = 300 # seconds
# A cookie that expires at a specific time
c['expires_at_time'] = 'cookie_value'
time_to_live = datetime.timedelta(hours=1)
expires = (datetime.datetime(2009, 2, 14, 18, 30, 14) +
time_to_live)
# Date format: Wdy, DD-Mon-YY HH:MM:SS GMT
expires_at_time = expires.strftime('%a, %d %b %Y %H:%M:%S')
c['expires_at_time']['expires'] = expires_at_time
show_cookie(c)
This example includes two different methods for setting stored
cookies that expire. One sets the max-age to a number of seconds,
the other sets expires to a date and time when the cookie should
be discarded.
$ python3 http_cookies_Morsel.py
Set-Cookie: encoded_value_cookie="\"cookie\054value\073\"";
Comment="Has escaped punctuation"
Set-Cookie: expires_at_time=cookie_value; expires=Sat, 14 Feb
2009 19:30:14
Set-Cookie: restricted_cookie=cookie_value; Domain=PyMOTW;
Path=/sub/path; Secure
Set-Cookie: with_max_age="expires in 5 minutes"; Max-Age=300
key = encoded_value_cookie
value = "cookie,value;"
coded_value = "\"cookie\054value\073\""
comment = Has escaped punctuation
key = restricted_cookie
value = cookie_value
coded_value = cookie_value
path = /sub/path
domain = PyMOTW
secure = True
key = with_max_age
value = expires in 5 minutes
coded_value = "expires in 5 minutes"
max-age = 300
key = expires_at_time
value = cookie_value
coded_value = cookie_value
expires = Sat, 14 Feb 2009 19:30:14
Both the Cookie and Morsel objects act like
dictionaries. A Morsel responds to a fixed set of keys:
- expires
- path
- comment
- domain
- max-age
- secure
- version
The keys for a Cookie instance are the names of the
individual cookies being stored. That information is also available
from the key attribute of the Morsel.
Encoded Values¶
The cookie header needs values to be encoded so they can be parsed properly.
from http import cookies
c = cookies.SimpleCookie()
c['integer'] = 5
c['with_quotes'] = 'He said, "Hello, World!"'
for name in ['integer', 'with_quotes']:
print(c[name].key)
print(' {}'.format(c[name]))
print(' value={!r}'.format(c[name].value))
print(' coded_value={!r}'.format(c[name].coded_value))
print()
Morsel.value is always the decoded value of the cookie, while
Morsel.coded_value is always the representation to be used for
transmitting the value to the client. Both values are always
strings. Values saved to a cookie that are not strings are converted
automatically.
$ python3 http_cookies_coded_value.py
integer
Set-Cookie: integer=5
value='5'
coded_value='5'
with_quotes
Set-Cookie: with_quotes="He said\054 \"Hello\054 World!\""
value='He said, "Hello, World!"'
coded_value='"He said\\054 \\"Hello\\054 World!\\""'
Receiving and Parsing Cookie Headers¶
Once the Set-Cookie headers are received by the client, it will
return those cookies to the server on subsequent requests using a
Cookie header. An incoming Cookie header string may contain
several cookie values, separated by semicolons (;).
Cookie: integer=5; with_quotes="He said, \"Hello, World!\""
Depending on the web server and framework, cookies are either
available directly from the headers or the HTTP_COOKIE environment
variable.
from http import cookies
HTTP_COOKIE = '; '.join([
r'integer=5',
r'with_quotes="He said, \"Hello, World!\""',
])
print('From constructor:')
c = cookies.SimpleCookie(HTTP_COOKIE)
print(c)
print()
print('From load():')
c = cookies.SimpleCookie()
c.load(HTTP_COOKIE)
print(c)
To decode them, pass the string without the header prefix to
SimpleCookie when instantiating it, or use the load()
method.
$ python3 http_cookies_parse.py
From constructor:
Set-Cookie: integer=5
Set-Cookie: with_quotes="He said, \"Hello, World!\""
From load():
Set-Cookie: integer=5
Set-Cookie: with_quotes="He said, \"Hello, World!\""
Alternative Output Formats¶
Besides using the Set-Cookie header, servers may deliver
JavaScript that adds cookies to a client. SimpleCookie and
Morsel provide JavaScript output via the js_output()
method.
from http import cookies
import textwrap
c = cookies.SimpleCookie()
c['mycookie'] = 'cookie_value'
c['another_cookie'] = 'second value'
js_text = c.js_output()
print(textwrap.dedent(js_text).lstrip())
The result is a complete script tag with statements to set the
cookies.
$ python3 http_cookies_js_output.py
<script type="text/javascript">
<!-- begin hiding
document.cookie = "another_cookie=\"second value\"";
// end hiding -->
</script>
<script type="text/javascript">
<!-- begin hiding
document.cookie = "mycookie=cookie_value";
// end hiding -->
</script>
See also
- Standard library documentation for http.cookies
http.cookiejar– Thecookielibmodule, for working with cookies on the client-side.- RFC 2109 – HTTP State Management Mechanism
