1

What is cookie allowed characters in modern/nowadays browsers if you use cookies to encode utf-8 string or binary informations?

I found some answer on StackOverflow from 2009 year but it is obsolete and refer to modern browsers at all since after 5 years things are changing.

I study already theory - less or more:

  1. http://en.wikipedia.org/wiki/HTTP_cookie
  2. https://www.rfc-editor.org/rfc/rfc2965
  3. https://www.rfc-editor.org/rfc/rfc6265
  4. https://www.rfc-editor.org/rfc/rfc2109
  5. https://www.rfc-editor.org/rfc/rfc2616

How it looks in practice in modern:

  1. Chrome
  2. Firefox
  3. Safari
  4. IE (XP, Win7, Win8)
  5. Opera
  6. Android/iOS

Can you suggest what characters should be used?

What encoding should be used (base64?)?

Community
  • 1
  • 1
Chameleon
  • 9,722
  • 16
  • 65
  • 127
  • The cookie spec has not changed at all so data from 2009 is still relevant. Also, the cookie _spec_ is completely independent of browsers. – T Nguyen Mar 25 '14 at 16:57
  • I am sure that spec from 2009 is still relevant but it not mean that modern browsers will not support utf8 without encodings to base64 or use urlencode methods. – Chameleon Mar 26 '14 at 00:45

1 Answers1

0

Valid characters in cookie for browser has not changed. What is mentioned in allowed-characters-in-cookies is still valid.

But with a recent experience of JBoss upgrade, I would suggest URLEncode the base64 string and use it as cookie value. Reason being = is control character as per spec. Discussed and debated in detail at TomcatBugzilla-44679.

Community
  • 1
  • 1
Badri Narayan Manicka
  • 113
  • 6
  • Maybe it is internal JBoss bug - since all comes as http headers. Thanks for suggestion - I am using some slang base64 what is waste of bytes but very sure. I read response to this old answer but it is not clear as this internet standard. – Chameleon Mar 26 '14 at 00:41