I am managing a high traffic ssl website with apache/mod_wsgi/python. Very from time to time (around 10 x in 3 several weeks) I have seen additional garbage figures in publish data.

Usually it has been as a extra char in the finish.

('access.uid', 'allowxba')

('checksum', 'b219d6a006ebd95691d0d7b468a94510496c5dd8xff')

Once although it was in the center of someone's password. Something similar to:

('login_password', 'samplepassxe7word')

I have attempted to rebuild the request with the same headers however i weren't in a position to duplicate the mistake. Anybody have ideas about what is leading to this or any ideas of methods I possibly could start recreating and fixing this issue?

(Replicated from below):
I am using apache-2.2.17_1 – Peter Marly 15 at 18:09 I am using mod_wsgi-3.3_1 on a single machine and mod_wsgi-2.8_1 on another. I have seen this error on.

What version of Apache are you currently using? From memory, around Apache 2.2.12-2.2.15 there have been various SSL fixes. You might like to make sure you are utilizing Apache 2.2.15 or later.

what goes on should you print eval("u'%s'"%garbled_text)? does the output look likely (I realize that you might not have the ability to publish sensitive data)

It appears in my experience like somewhere it's presuming you are reading through ASCII despite the fact that you've told it to see utf-8.

Are we able to begin to see the code that reads this Publish data into python, or where it's specified and from what input form?

Because you stated all errors happened in IE 7 or 8 I am beginning to suspect the mistake happens client-side within the browser. I have never heard about anything such as this error and that i have no idea what otherwise might cause it server-side aside from hardware failure (though that appears strange too since only one character is added). Possibly you need to suggest your customers to upgrade to some decent browser?

This looks greatly like chunked HTTP/1.1.

Make use of an appropriate handler to not-chunk it just before parsing. See [1], [2].

An alternative choice would be to only accept HTTP/1. which does not have chunking whatsoever, but this might have disadvantages.