![]() ![]() In PHP, setcookie() function encodes cookie values using urlencode() function, which applies %-encoding but also encodes spaces as signs, for historical reasons. PHP applies non-standard encoding and decoding for cookies, which can create problems when used in conjunction with other cookie libraries. I think it is very important to add a section in the docs about compatibility with PHP. I have checked few other cookie JS libraries and none of the can work in a PHP-compatible behavior out of the box. I can assure you that it will be useful to many developers, after all, PHP is the most widely used language for web development. I am pretty sure this is going to be very useful for someone (because I don't use PHP xD). I'm not sure whether there that is problem in PHP or browser or both, I didn't investigate further, but thought I'd mention anyway. When I tried saving a cookie in PHP with Unicode characters (natively in UTF-8) in cookie name, they were stored in browser (Firefox) in a mangled form. using an object instead of adding an additional parameter to Cookies.withConverter(). What it meant is that I found the selected "approach" quote interesting, i.e. I understand "idea" has some kind of ethical definitions. Thank you very much for your insights regarding PHP behavior. ) so it will be treated correctly using js-cookie because we encode those characters. The "token" does not allow, , SP or CTLs ( \t, \n, \r. The cookie-name is interpreted as "token" in the RFC 6265. Warning: Cookie names cannot contain any of the following '=, \t\r\n\013\014' I didn't understand what you mean by "ANSI garbage", could you elaborate? They don't use percent-encoding?ĭoes not allow using any of these characters =, \t\r\n\013\014 displaying the following warning: UTF-8 characters get mangled into some kind of ANSI garbage js-cookie uses decodeURIComponent in the default decoding mechanism for any sequence of /(%) /g characters (the percent-encoding format). That probably would have no problem as long as browsers are able to interpret it correctly. But for the literal sense of the word, #71 was not exactly "my idea".Ĭookie names do not seem to get encoded in any way Create a converter for js-cookie that allows changing the method used to write the cookie, the same way this is done now for reading the idea with passing converter as an object with read and write properties looks great!.Create a php-cookie project that exposes a proper cookie handling API for php (You say this is not feasible because other methods depend on the wrong behavior, but it would be interesting to try it out).Unfortunately we can't change the way the "plus" is encoded because that would break backwards compatibility, since the character is permitted by the spec and the docs says that:Īll special characters that are not allowed in the cookie-name or cookie-value are encoded with each one's UTF-8 Hex equivalent using percent-encoding. ![]() In that case there's no way to handle it unless you parse the headers manually with a custom function. Of course, the problem as I understand is that, if you use the default function to retrieve the cookie, PHP already replaces that without notice. Create a function that decodes the cookie in a per application basis (liberal on what you accept), but make it sure that what is written is written correctly using setrawcookie($name, rawurlencode($value)) (be conservative in what you send). In php case, it would make sense to do the same. In js-cookie case, we are conservative on what we send (we have a default procedure to encode the cookie), and we are liberal in what we accept from others (we allow converters to specify a custom decoding mechanism). Implementing converters that also allows writing the cookie in a different format have crossed my mind when I added it, but I didn't had strong evidence that it would be useful for the majority of cases, where you can just replace the desired characters.Īlso, it would be a best practice to use the robustness principle when dealing with this kind of problem:īe conservative in what you do, be liberal in what you accept from others (often reworded as "Be conservative in what you send, be liberal in what you accept"). Previously we had raw and json that tried to solve similar problems, that lead to lots of confusion, converters were added in v2 to fix the decoding issue regarding third party cookies set in the server. Could that small diff be incorporated into this library perhaps as an option, e.g. ![]()
0 Comments
Leave a Reply. |