From 9865c4f02f81808c54f426cc457cc62bdd357b0a Mon Sep 17 00:00:00 2001
From: MinRK
Date: Mon, 6 Jan 2014 14:57:34 -0800
Subject: [PATCH] whitelist alphanumeric characters for cookie_name should fix #4761
---
 IPython/html/base/handlers.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/IPython/html/base/handlers.py b/IPython/html/base/handlers.py
index 7f85730ac..e2f938f20 100644
--- a/IPython/html/base/handlers.py
+++ b/IPython/html/base/handlers.py
@@ -21,6 +21,7 @@ import functools
 import json
 import logging
 import os
+import re
 import stat
 import sys
 import traceback
@@ -43,6 +44,7 @@ UF_HIDDEN = getattr(stat, 'UF_HIDDEN', 32768)
 #-----------------------------------------------------------------------------
 # Top-level handlers
 #-----------------------------------------------------------------------------
+non_alphanum = re.compile(r'[^A-Za-z0-9]')
 class RequestHandler(web.RequestHandler):
 """RequestHandler with default variable setting."""
@@ -71,9 +73,9 @@ class AuthenticatedHandler(RequestHandler):
 @property
 def cookie_name(self):
- default_cookie_name = 'username-{host}'.format(
- host=self.request.host,
- ).replace(':', '-')
+ default_cookie_name = non_alphanum.sub('-', 'username-{}'.format(
+ self.request.host
+ ))
 return self.settings.get('cookie_name', default_cookie_name)
 @property
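Review bot: The whitelist in `cookie_name` covers only the host-derived default; a `cookie_name` taken from `self.settings` is returned unchanged by the final `return`, so a configured name with characters outside `[A-Za-z0-9]` is not normalised by this change. If that is deliberate because the setting is operator-controlled, a comment above the `return` would make it explicit, for example `# a configured cookie_name is trusted as-is; only the Host-derived default is sanitised`. Because `self.request.host` comes from the request, the module-level `non_alphanum` in the second hunk also deserves a why-comment, such as `# request.host is client-supplied and may contain characters (e.g. ':') that are not valid in a cookie name`. Distinct hosts can now map to the same default name once every non-alphanumeric becomes `-`, which looks harmless here but is worth stating in the property's docstring. The class body continues outside the hunk.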