Stop trying to use generic cookie parsing

Trying to do so while guarding against errors and sanitizing input was more code and slower than targeting the one possible cookie we might care about. So the code is simpler and the performance is better, and the effect of stray cookies are mitigated.
2024-11-26 03:19:48 +00:00 · 2020-10-29 11:36:26 -04:00 · 2020-10-29 11:36:26 -04:00 · 95659db00a
commit 95659db00a
parent bddbc37e8e
1 changed files with 4 additions and 16 deletions
--- a/confluent_server/confluent/httpapi.py
+++ b/confluent_server/confluent/httpapi.py
@ -65,16 +65,6 @@ opmap = {
 }


-class RobustCookie(Cookie.SimpleCookie):
-    # this is very bad form, but BaseCookie has a terrible flaw
-    def _BaseCookie__set(self, K, rval, cval):
-        try:
-            super(RobustCookie, self)._BaseCookie__set(K, rval, cval)
-        except Cookie.CookieError:
-            # empty value if SimpleCookie rejects
-            dict.__setitem__(self, K, Cookie.Morsel())
-
-
 def group_creation_resources():
    yield confluent.messages.Attributes(
        kv={'name': None}, desc="Name of the group").html() + '<br>'
@ -284,12 +274,10 @@ def _authorize_request(env, operation):
    if element.startswith('/sessions/current/'):
        element = None
    if 'HTTP_COOKIE' in env:
-        #attempt to use the cookie.  If it matches
-        cc = RobustCookie()
-        sanitized = '; '.join([x.strip().replace(' ', '_') for x in env['HTTP_COOKIE'].split(';')])
-        cc.load(sanitized)
-        if 'confluentsessionid' in cc:
-            sessionid = cc['confluentsessionid'].value
+        cidx = (env['HTTP_COOKIE']).find('confluentsessionid=')
+        if cidx >= 0:
+            sessionid = env['HTTP_COOKIE'][cidx+19:cidx+51]
+            sessid = sessionid
            sessid = sessionid
            if sessionid in httpsessions:
                if _csrf_valid(env, httpsessions[sessionid]):