MemcachedKeyLengthError with a long anoncsrf cookie

[rik]

From a traceback on affiliates:

Traceback (most recent call last):

File "/data/www/affiliates.mozilla.org/affiliates-app/vendor/src/django/django/core/handlers/base.py", line 89, in get_response
response = middleware_method(request)

File "/data/www/affiliates.mozilla.org/affiliates-app/vendor/src/django-session-csrf/session_csrf/init.py", line 53, in process_request
token = cache.get(PREFIX + key, '')

File "/data/www/affiliates.mozilla.org/affiliates-app/vendor/src/django/django/core/cache/backends/memcached.py", line 58, in get
val = self._cache.get(key)

File "/data/www/affiliates.mozilla.org/affiliates-app/vendor/lib/python/memcache.py", line 779, in get
return self._get('get', key)

File "/data/www/affiliates.mozilla.org/affiliates-app/vendor/lib/python/memcache.py", line 747, in _get
self.check_key(key)

File "/data/www/affiliates.mozilla.org/affiliates-app/vendor/lib/python/memcache.py", line 940, in check_key
% self.server_max_key_length)

MemcachedKeyLengthError: Key length is > 250

[jbalogh]

Where is the super long token coming from? Django defaults to 32 characters.

[rik]

Oops, sorry, forgot to paste an example:

COOKIES:{'anoncsrf': '//%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/%25252e%25252e/etc/passwd'},

[jbalogh]

Is this from @stephendonner?

[stephendonner]

I haven't run any security testing against Affiliates in a while; when was this from?

[rik]

Almost two hours ago. Discussing with security at the same time on IRC.

[Sancus]

This was fixed by the above PR, no?