Search code examples
pythoncookiesunicodetornado

Tornado set_secure_cookie unicode error


i recently try to follow the tornado cookies and secure cookies overview and make the example given.

I got a strange error when my server try to execute set_secure_cookie(..):

File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/escape.py", line 168, in utf8
assert isinstance(value, unicode)
AssertionError

What i'm doing wrong ?

My Tornado Server:

import tornado.auth
import tornado.escape
import tornado.httpserver
import tornado.ioloop
import tornado.options
import tornado.web
import Settings

from tornado.options import define, options

define("port", default=8888, help="run on the given port", type=int)

class BaseHandler(tornado.web.RequestHandler):
    def get_current_user(self):
        return self.get_secure_cookie("user")

class MainHandler(BaseHandler):
    @tornado.web.authenticated
    def get(self):
        name = tornado.escape.xhtml_escape(self.current_user)
        self.write("Hello, " + name)

class LoginHandler(BaseHandler):
    def get(self):
        self.write('<html><body><form action="/login" method="post">'
                   'Name: <input type="text" name="name">'
                   '<input type="submit" value="Sign in">'
                   '</form></body></html>')

    def post(self):
        self.set_secure_cookie("user", self.get_argument("name"))
        self.redirect("/")

class Application(tornado.web.Application):
    def __init__(self):
        handlers = [
            (r"/", MainHandler),
            (r"/login", LoginHandler),
        ]
        settings = {
            "template_path":Settings.TEMPLATE_PATH,
            "static_path":Settings.STATIC_PATH,
            "debug":Settings.DEBUG,
            "cookie_secret": Settings.COOKIE_SECRET,
            "login_url": "/login"
        }
        tornado.web.Application.__init__(self, handlers, **settings)

def main():
    tornado.options.parse_command_line()
    http_server = tornado.httpserver.HTTPServer(Application())
    http_server.listen(options.port)
    tornado.ioloop.IOLoop.instance().start()

if __name__ == "__main__":
    main()

full traceback:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/web.py", line 1042, in _execute
    getattr(self, self.request.method.lower())(*args, **kwargs)
  File "/home/gvincent/Dropbox/workspace/scubabook/WebServer.py", line 31, in post
    self.set_secure_cookie("user", self.get_argument("name"))
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/web.py", line 426, in set_secure_cookie
    self.set_cookie(name, self.create_signed_value(name, value),
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/web.py", line 438, in create_signed_value
    name, value)
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/web.py", line 2029, in create_signed_value
    signature = _create_signature(secret, name, value, timestamp)
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/web.py", line 2066, in _create_signature
    hash = hmac.new(utf8(secret), digestmod=hashlib.sha1)
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.4.1-py2.7.egg/tornado/escape.py", line 168, in utf8
    assert isinstance(value, unicode)
AssertionError
Solution

  • Your Settings.COOKIE_SECRET value must be a unicode or str object.

    The assertion you see is only raised if that is not the case. You'll need to tripple-check that your Settings.COOKIE_SECRET value is not a list, a tuple, a bytesarray or any other type that is not str or unicode.