By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,949 Members | 950 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,949 IT Pros & Developers. It's quick & easy.

cookie spec

P: n/a
Anyone know where I can find info on the cookie spec? I seem to be having a
problem(after hours of narrowing it down) where I am using some special
characters that are not allowed in a cookie name or data.

What I'm essentially doing is encrypting the name/data then encoding it
using base64 but base64 uses the special characters +, /, and =. They seem
to be causing problems with the cook being written or read. I have mapped
the ='s into _ and can map the + into - because I think those work for
cookies but I am not sure... and then I have the issue with the /. (which
I'm thinking of using _ for it too but have to handle the case where it
occurs at the end of the string to be encoded(Which will cause it to be
confused with the padding).

Any ideas? This is driving me nuts ;/ (thought it was my encryption part and
spent hours on debugging that ;)

Thanks,
Jon
May 17 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
On May 17, 2:19 pm, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
Anyone know where I can find info on the cookie spec? I seem to be having a
problem(after hours of narrowing it down) where I am using some special
characters that are not allowed in a cookie name or data.

What I'm essentially doing is encrypting the name/data then encoding it
using base64 but base64 uses the special characters +, /, and =. They seem
to be causing problems with the cook being written or read. I have mapped
the ='s into _ and can map the + into - because I think those work for
cookies but I am not sure... and then I have the issue with the /. (which
I'm thinking of using _ for it too but have to handle the case where it
occurs at the end of the string to be encoded(Which will cause it to be
confused with the padding).

Any ideas? This is driving me nuts ;/ (thought it was my encryption part and
spent hours on debugging that ;)

Thanks,
Jon
Interesting problem Jon,

I'm not really sure that the spec will help you, but just in case, you
can read it here:
http://tools.ietf.org/html/rfc2965

The cookie is commonly transported simply as a header extension to the
HTTP protocol, so that spec is probably more relevant:
http://tools.ietf.org/html/rfc2616

Also make sure you are setting the cookie using the php method
setrawcookie(). If using setcookie(), are you accounting for the
automatic urlencod'ing that php does to your cookie value?

Hope that helps,
Carl.

May 17 '07 #2

P: n/a

"Carl" <c.******@gmail.comwrote in message
news:11**********************@k79g2000hse.googlegr oups.com...
On May 17, 2:19 pm, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
>Anyone know where I can find info on the cookie spec? I seem to be having
a
problem(after hours of narrowing it down) where I am using some special
characters that are not allowed in a cookie name or data.

What I'm essentially doing is encrypting the name/data then encoding it
using base64 but base64 uses the special characters +, /, and =. They
seem
to be causing problems with the cook being written or read. I have
mapped
the ='s into _ and can map the + into - because I think those work for
cookies but I am not sure... and then I have the issue with the /. (which
I'm thinking of using _ for it too but have to handle the case where it
occurs at the end of the string to be encoded(Which will cause it to be
confused with the padding).

Any ideas? This is driving me nuts ;/ (thought it was my encryption part
and
spent hours on debugging that ;)

Thanks,
Jon

Interesting problem Jon,

I'm not really sure that the spec will help you, but just in case, you
can read it here:
http://tools.ietf.org/html/rfc2965

The cookie is commonly transported simply as a header extension to the
HTTP protocol, so that spec is probably more relevant:
http://tools.ietf.org/html/rfc2616

Also make sure you are setting the cookie using the php method
setrawcookie(). If using setcookie(), are you accounting for the
automatic urlencod'ing that php does to your cookie value?

Hope that helps,
Carl.
Thanks!!

token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HTCTL = <any US-ASCII
control character
(octets 0 - 31) and DEL (127)>I see here exactly
which characters are not allowedI'm going to try the setrawcookie and see
what happens and if no success I will escape the characters myself. The
issue seems to be with the'/' which is used by base64. The + seems ok...
this is all assuming that the cookies use the grammar properly.Thanks
again!!Jon
May 17 '07 #3

P: n/a
Jon Slaughter wrote:
What I'm essentially doing is encrypting the name/data then encoding it
using base64 but base64 uses the special characters +, /, and =. They seem
to be causing problems with the cook being written or read. I have mapped
the ='s into _ and can map the + into - because I think those work for
cookies but I am not sure... and then I have the issue with the /. (which
I'm thinking of using _ for it too but have to handle the case where it
occurs at the end of the string to be encoded(Which will cause it to be
confused with the padding).
Have you thought instead of using:

$encoded = urlencode(base64_encode($data));

This should create a string consisting of only alphanumeric data and '%'.

To go back the other way:

$data = base64_decode(urldecode($encoded));

--
Toby A Inkster BSc (Hons) ARCS
http://tobyinkster.co.uk/
Geek of ~ HTML/SQL/Perl/PHP/Python/Apache/Linux
May 18 '07 #4

P: n/a

"Toby A Inkster" <us**********@tobyinkster.co.ukwrote in message
news:82************@ophelia.g5n.co.uk...
Jon Slaughter wrote:
>What I'm essentially doing is encrypting the name/data then encoding it
using base64 but base64 uses the special characters +, /, and =. They
seem
to be causing problems with the cook being written or read. I have
mapped
the ='s into _ and can map the + into - because I think those work for
cookies but I am not sure... and then I have the issue with the /. (which
I'm thinking of using _ for it too but have to handle the case where it
occurs at the end of the string to be encoded(Which will cause it to be
confused with the padding).

Have you thought instead of using:

$encoded = urlencode(base64_encode($data));

This should create a string consisting of only alphanumeric data and '%'.

To go back the other way:

$data = base64_decode(urldecode($encoded));
I thought about it... but I didn't know if it would work. probably should
have tried it...

in any case, doesn't setcookie do that anyways? or does it just encode it
and not decode it? just kinda getting tired of trying everything as its not
easy to debug the cookies since I cannot set a cookie in the zend debugger
for some reason.

it does seem to be working now though when I have converted /, =, and + into
#, - and _..

I assume that urlencode is idempotent? else it won't work if I use
setrawcookie and it is not url decoding

Once I finish the code completely I'll go back and look at all this mess and
see what I can do to improve it.

Thanks,
Jon
May 18 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.