Class
mechanize._clientcookie.DefaultCookiePolicy

Implements the standard rules for accepting and returning cookies.

Both RFC 2965 and Netscape cookies are covered. RFC 2965 handling is switched off by default.

The easiest way to provide your own policy is to override this class and call its methods in your overriden implementations before adding your own additional checks.

import mechanize class MyCookiePolicy(mechanize.DefaultCookiePolicy): def set_ok(self, cookie, request): if not mechanize.DefaultCookiePolicy.set_ok( self, cookie, request): return False if i_dont_want_to_store_this_cookie(): return False return True

In addition to the features required to implement the CookiePolicy interface, this class allows you to block and allow domains from setting and receiving cookies. There are also some strictness switches that allow you to tighten up the rather loose Netscape protocol rules a little bit (at the cost of blocking some benign cookies).

A domain blacklist and whitelist is provided (both off by default). Only domains not in the blacklist and present in the whitelist (if the whitelist is active) participate in cookie setting and returning. Use the blocked_domains constructor argument, and blocked_domains and set_blocked_domains methods (and the corresponding argument and methods for allowed_domains). If you set a whitelist, you can turn it off again by setting it to None.

Domains in block or allow lists that do not start with a dot must string-compare equal. For example, "acme.com" matches a blacklist entry of "acme.com", but "www.acme.com" does not. Domains that do start with a dot are matched by more specific domains too. For example, both "www.acme.com" and "www.munitions.acme.com" match ".acme.com" (but "acme.com" itself does not). IP addresses are an exception, and must match exactly. For example, if blocked_domains contains "192.168.1.2" and ".168.1.2" 192.168.1.2 is blocked, but 193.168.1.2 is not.

Additional Public Attributes:

General strictness switches

strict_domain: don't allow sites to set two-component domains with country-code top-level domains like .co.uk, .gov.uk, .co.nz. etc. This is far from perfect and isn't guaranteed to work!

RFC 2965 protocol strictness switches

strict_rfc2965_unverifiable: follow RFC 2965 rules on unverifiable transactions (usually, an unverifiable transaction is one resulting from a redirect or an image hosted on another site); if this is false, cookies are NEVER blocked on the basis of verifiability

Netscape protocol strictness switches

strict_ns_unverifiable: apply RFC 2965 rules on unverifiable transactions even to Netscape cookies strict_ns_domain: flags indicating how strict to be with domain-matching rules for Netscape cookies: DomainStrictNoDots: when setting cookies, host prefix must not contain a dot (eg. www.foo.bar.com can't set a cookie for .bar.com, because www.foo contains a dot) DomainStrictNonDomain: cookies that did not explicitly specify a Domain cookie-attribute can only be returned to a domain that string-compares equal to the domain that set the cookie (eg. rockets.acme.com won't be returned cookies from acme.com that had no Domain cookie-attribute) DomainRFC2965Match: when setting cookies, require a full RFC 2965 domain-match DomainLiberal and DomainStrict are the most useful combinations of the above flags, for convenience strict_ns_set_initial_dollar: ignore cookies in Set-Cookie: headers that have names starting with $ strict_ns_set_path: don't allow setting cookies whose path doesn't path-match request URI

Base classes

Implemented Interfaces

There are no implemented interfaces.

Attributes/Properties

Methods

Known Subclasses

There are no known subclasses.