Jun 16, 2000, 9:53 AM
Post #1 of 1
Ok, I'm trying to understand the format of cookies. From what I understand, writing a cookie in an HTTP header takes the following format:
Cookies and encoding reserved characters.
And the header can also include the following: expires, path, domain, secure.
Anyway, certain characters are not allowed in the name and value and therefore they must be encoded. My main question is, what characters are not allowed?
My current conclusion is: space, semicolon, comma and equal sign.
I understand the need to reserve the space, semicolon and equal sign, but I don't understand the need for the comma. Am I incorrect about the comma, or is there a reason for it?
Is it possible to write more than one cookie without each having it's own Set-Cookie line? This is the only thing I could think of a comma being used for (e.g. n=v, n=v, n=v .
Also, it seems that the common convention for encoding these character is to convert them to a hash (%) followed by a double-digit hexidecimal ascii value. This also requires that the hash (%) be converted.
Finally, it seems that there is a convention to encode spaces as plus signs rather than as %20's, which requires that plus signs be a reserved character.
So, in summary:
- Are there any reserved characters that I'm missing?
- Is the comma a reserved characters and if so, why?
- Can more than one name/value pair be included on a single line?
Thanks for any response,