[Welcome] [TitleIndex] [WordIndex


You've written a site that requires cookie support in the client; the most common reason is using sessions. Good interface design requires that users get a warning if their browser doesn't support cookies; this is much better than just having the interface fail with no explanation. You want to check if the client supports cookies.


After storing some information in the session, ensuring that the session is marked as dirty and you run the following check:

def ensure_cookies():
    # The client should be sending us cookies at this point.  If not, they are not
    # supported or are disabled.
    if not get_request().cookies:
        return redirect("/cookies_required")

You could call the function from the page that the user lands on after signing in. Obviously you need to write a cookies_required page or redirect to some other location.


You might be tempted to use the HTTPRequest.guess_browser_version() instead of an explicit cookie check, but this is a mistake. Most browsers that support cookies provide a way to disable them or the option of disregarding certain cookies at user request, so you can't conclude that the client supports cookies just because it's Mozilla 5.0. Some browsers also provide ways to change the reported user agent, so the reported browser name and version can't be trusted.

Instead of waiting until the session contains some information, you could also just set a test cookie:

    get_response().set_cookie('test_cookie', '1', path='/')

Note that after setting the cookie you have to wait until the next request from the client to see if they actually support cookies (`set_cookie' just modifies the current response).


2010-09-22 22:14