gavacho
commented
10 years ago Would you consider introducing a configuration switch to opt out of escaping key names?
Closed gavacho closed 10 years ago
gavacho
commented
10 years ago Would you consider introducing a configuration switch to opt out of escaping key names?
ScottHamper
commented
10 years ago Hey Ken,
Thanks for checking out the library! Cookies.js encodes cookie keys and values in an attempt to comply with the specifications described in RFC6265 section 4.1.1. That said, I did some more research on this issue and discovered that Cookies.js is actually encoding the cookie names incorrectly! I can't believe I didn't see this sooner!
However, the RFC still does not allow the use of the [ and ] characters in a cookie name. RFC6265 declares that a cookie name be a "token" as defined in RFC2616. A token is any "CHAR" except for "CTLs" and "separators", and the square brackets are defined as separators!
So I will certainly fix the encoding issues that Cookies.js has, but I do not like the idea of breaking compliance with the RFC even if some/all browsers support invalid characters.
I don't know how realistic of a suggestion this may be for you, but I would consider changing your cookie names to be compatible with the RFC - either by removing the square brackets entirely or by also handling the encoding of those characters server side.
gavacho
commented
10 years ago Thank you very much for providing links to the documentation!! We'll fix our cookies and adopt your library. Much obliged, sir.
ScottHamper
commented
10 years ago No problem, Ken! Glad to hear it.
Thanks again for your contribution. As a result of it, I've created Issue 18 to specifically address the incorrect encoding of cookie keys. I'll hopefully have time this weekend to get that fixed.
Hi, I can't find any documentation which supports your library's notion that cookie values should be encoded. We have cookies names which contain the
[]characters so we're unable to use your awesome library :(