Closed voltace closed 9 years ago
RFC6265 specifies a cookie name is of the type token:
token
set-cookie-header = "Set-Cookie:" SP set-cookie-string set-cookie-string = cookie-pair *( ";" SP cookie-av ) cookie-pair = cookie-name "=" cookie-value cookie-name = token cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ; US-ASCII characters excluding CTLs, ; whitespace DQUOTE, comma, semicolon, ; and backslash token = <token, defined in [RFC2616], Section 2.2>
The definition of a token according to RFC2616:
token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
Currently cookie names are encoded using encodeURIComponent which encodes all separators defined in RFC2616 except for ( and ). Additionally encodeURIComponent encodes the characters # $ & + ^ |while this is not required for atoken`.
encodeURIComponent
(
)
# $ & + ^
while this is not required for a
RFC6265 specifies a cookie name is of the type
token:The definition of a token according to RFC2616:
Currently cookie names are encoded using
encodeURIComponentwhich encodes all separators defined in RFC2616 except for(and). AdditionallyencodeURIComponentencodes the characters# $ & + ^|while this is not required for atoken`.