Possible Duplicate:
Allowed characters in cookies
I need to separate values in a cookie. So I chose &'s to separate name=value pairs just like I would in a URL. There can be multiple values too for a name, so I separate those with a colon.
My question is if this is legal? Do I need to URL encode everything? The values can have colon开发者_JAVA技巧s inside them, so I thought I'd URL encode the values in order to make sure the colons in a value don't conflict with the separator character. I read somewhere that enclosing the entire cookie with apostrophes works too, does that make sense?
If this is not legal, what's the best way to store my multiple name/value pairs that often have multiple values per name (in a specific order, so I can't just duplicate the name/values)?
You will have to percent-escape the characters contained in the name and value parts of the cookie, just like you should already be doing. For example, =
would become %3D
, &
would become %26
, etc. Just build up the string you want to use for your cookie value and run it through your language/framework's URI escaping function. If your framework has a method for setting cookies and it takes distinct name/value arguments, it should be doing this for you.
精彩评论