[Web-SIG] Move to bless Graham's WSGI 1.1 as official spec
Henry Precheur
henry at precheur.org
Thu Dec 3 20:25:25 CET 2009
On Thu, Dec 03, 2009 at 07:35:14PM +0100, And Clover wrote:
> >I don't know what the HTTP/Cookie spec says about this.
>
> The traditional interpretation of RFC2616 is that headers are ISO-8859-1.
>
> You will notice that no browser correctly follows this.
RFCs 2109 & 2965 say that a cookie's value can be anything:
> The VALUE is opaque to the user agent and may be anything the origin
> server chooses to send, possibly in a server-selected printable ASCII
> encoding.
Theoretically you could put something like: 'foo\n\0bar' in a cookie.
Also a cookie can include comments which have to be encoded using ...
UTF-8:
> Comment=value
> OPTIONAL. Because cookies can be used to derive or store
> private information about a user, the value of the Comment
> attribute allows an origin server to document how it intends to
> use the cookie. The user can inspect the information to decide
> whether to initiate or continue a session with this cookie.
> Characters in value MUST be in UTF-8 encoding.
--
Henry Prêcheur
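
Added example, not part of the original message: a Python sketch of the encoding mismatch discussed above, where header bytes are carried as ISO-8859-1 text while the Comment attribute is UTF-8 and the VALUE is opaque. It assumes the WSGI convention of exposing header bytes as ISO-8859-1-decoded strings; the function names and the sample header are constructed for illustration.

```python
import re

# Constructed sample: a Set-Cookie header value as raw bytes, with a UTF-8 Comment.
RAW = b'sid=abc123; Comment="pr\xc3\xa9f\xc3\xa9rences"; Version=1'


def to_native(raw: bytes) -> str:
    # ISO-8859-1 maps every byte to one code point, so this never fails or loses data.
    return raw.decode("iso-8859-1")


def parse_set_cookie(native: str):
    """Split 'NAME=VALUE; Attr=val; ...' into (name, value, attrs).

    Hypothetical helper: it does not handle ';' inside quoted strings.
    """
    first, *rest = [p.strip() for p in native.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().strip('"')
    return name, value, attrs


def comment_text(attrs: dict):
    """Recover the Comment: undo the ISO-8859-1 step, then decode as UTF-8."""
    raw = attrs.get("comment")
    if raw is None:
        return None
    try:
        return raw.encode("iso-8859-1").decode("utf-8")
    except UnicodeError:
        return None  # not valid UTF-8: treat as malformed rather than guess


def value_has_controls(value: str) -> bool:
    """The VALUE is opaque, so look for control characters before logging or re-emitting it."""
    return re.search(r"[\x00-\x1f\x7f]", value) is not None


if __name__ == "__main__":
    name, value, attrs = parse_set_cookie(to_native(RAW))
    print(name, value, repr(attrs["comment"]), repr(comment_text(attrs)))
    print(value_has_controls("foo\n\0bar"))
```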