Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Per the section 4.1.1 rules quoted in the article, cookie values can be optionally quoted:

> cookie-value = cookie-octet / ( DQUOTE cookie-octet DQUOTE )



That is true, but in that case they are part of the value itself, they're not doing anything special:

> Per the grammar above, the cookie-value MAY be wrapped in DQUOTE characters. Note that in this case, the initial and trailing DQUOTE characters are not stripped. They are part of the cookie-value, and will be included in Cookie header fields sent to the server.


Why does the specification specifically mention them, then?


To clarify that by the spec, double quotes are allowed in the cookie value, but only at the beginning and end.

As for why that is, I have no idea.


Ah, thanks for the clarification!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: