The Cookie module defines classes for abstracting the concept of cookies, an HTTP state management mechanism. It supports both simple string-only cookies, and provides an abstraction for having any serializable data-type as cookie value.
The module formerly strictly applied the parsing rules described in in the RFC 2109 and RFC 2068 specifications. It has since been discovered that MSIE 3.0x doesn't follow the character rules outlined in those specs. As a result, the parsing rules used are a bit less strict.
If input is given, it is passed to the load() method.
Do not use this class! Reading pickled values from untrusted cookie data is a huge security hole, as pickle strings can be crafted to cause arbitrary code to execute on your server. It is supported for backwards compatibility only, and may eventually go away.
Note: The same security warning from SerialCookie applies here.
A further security note is warranted. For backwards compatibility, the Cookie module exports a class named Cookie which is just an alias for SmartCookie. This is probably a mistake and will likely be removed in a future version. You should not use the Cookie class in your applications, for the same reason why you should not use the SerialCookie class.