...
Issue | Current behaviour (8.0.0-RC10/7.0.50) | Proposed new behaviour | Strict Servlet (+ Netscape + RFC2109) | Servlet + RFC 6265 | |
0x80 to 0xFF in cookie value (Bug 55917) | IAE | TBD | TBD | Netscape yes. RFC2109 requires quotes. | RFC 6265 never allowedTBD |
CTL allowed in quoted cookie values (Bug 55918) | Allowed | TBD | TBD | TBD | |
Quoted values in V0 cookies (Bug 55920) | Quotes removed | TBD | TBD | TBD | |
Raw JSON in cookie values (Bug 55921) | TBD | TBD | TBD | TBD | |
Allow equals in value | Not by default. Allowed if property set. | TBD | Netscape is ambiguous. RFC2109 requires quoting. | TBD | |
Allow separators in V0 names and values | Not by default. Allowed if property set. | TBD | TBD | TBD | |
Always add expires | Enabled by default. Disabled by property. | TBD | TBD | TBD | |
/ is separator | Enabled by default. Disabled by property. | TBD | TBD | TBD | |
Strict naming | Enabled by default. Disabled by property. | TBD | TBD | TBD | |
Allow name only | Disabled by default. Enabled by property. | TBD | TBD | TBD |
...
TODO: Need to define behaviour for each of the issues above.