According to RFC 2109, the cookie value is "opaque to the user agent and may be anything the origin server chooses to send, possibly in a server-selected printable ASCII encoding."
As a result of this, different languages/platforms/servers send a different cookie value, even when the original value is the same.
For example, C#/ASP.NET sends text as is; classic ASP urlencodes and urldecodes text; Perl/Apache urlencodes/decodes text (but differently from ASP!). PHP gives you the option.
I am writing a single sign-on system that should share a cookie with completely different applications. In particular, I have .NET, Java, Perl, ColdFusion, which need to be supported out of the box.
The text stored in the cookie is always a valid ASCII-7 string. However, Perl likes to encode some 7-bit ASCII characters, for example.
I see two main alternatives for doing this job:
1. Accept only non-encoded values. In the end, there is no need to encode them. This is how it works at the moment. Obviously, all integrated systems must be able to support unencrypted values.
2. Accept both encoded and non-encoded values. This would allow for maximum compatibility out of the box, but I would need to determine whether or not a specific value was encoded (which sounds completely impossible: is "%20" the literal string "%20" or a space?).
? №2, UrlEncoded?
cookie ( , )
A5A2794D694241AD92F9B22F288EFAA1|8428DCCC|20090821142732|20090821142832|
10.100.107.40|955098D50AB4982D4E247EFA53F4E23B32A05ED0131E096709BE1D8CCC
8A3CA18252D376473C244FD71C462AB42CF54C
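
An added example, not part of the original question: the "%20" ambiguity holds for arbitrary text, but a token shaped like the sample above never contains "%" in raw form, so a receiver can accept both forms without guessing. The token alphabet, the constructed `SAMPLE` value and the helper names are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote

# Constructed token with the same shape as the sample above:
# hex id | hex | timestamp | timestamp | IPv4 address | hex digest
SAMPLE = (
    "0123456789ABCDEF0123456789ABCDEF|89ABCDEF|20090821142732|"
    "20090821142832|192.0.2.10|" + "AB" * 20
)

# Assumption: a raw token only uses these characters, and none of them is "%".
RAW_TOKEN = re.compile(r"[0-9A-F.|]+")


def decoding_is_ambiguous(value: str) -> bool:
    """True if the value reads differently as literal text and as URL-encoded text."""
    return unquote(value) != value


def normalize_token(cookie_value: str) -> str:
    """Return the raw token whether the platform sent it as is or URL-encoded."""
    if RAW_TOKEN.fullmatch(cookie_value):
        return cookie_value  # sent as is (for example by ASP.NET)
    # A raw token cannot contain "%", so a "%" here can only come from encoding.
    decoded = unquote(cookie_value)
    if "%" in cookie_value and RAW_TOKEN.fullmatch(decoded):
        return decoded  # sent URL-encoded (for example "|" as "%7C")
    # Double-encoded or foreign values end up here instead of being guessed at.
    raise ValueError("cookie value is not a token in raw or URL-encoded form")
```

Values that decode to something outside the token alphabet, including double-encoded ones such as "%257C", are rejected rather than decoded a second time.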