...
Issue | Current behaviour (8.0.0-RC10/7.0.50) | Proposed new behaviour | Servlet + Netscape + RFC2109 | Servlet + RFC 6265 |
0x80 to 0xFF in cookie value (Bug 55917) | IAE | TBD | Netscape yes. RFC2109 requires quotes. | RFC 6265 never allowed. |
CTL allowed in quoted cookie values (Bug 55918) | Allowed | TBD | Not allowed. | Not allowed. |
Quoted values in V0 cookies (Bug 55920) | Quotes removed. | TBD | Netscape - quotes are part of value. | Quotes are not part of value. |
Raw JSON in cookie values (Bug 55921) | TBD | TBD | TBD | TBD |
Allow equals in value | Not by default. Allowed if property set. | TBD | Netscape is ambiguous. RFC2109 requires quoting. | Allowed. |
Allow separators in V0 names and values | Not by default. Allowed if property set. | TBD | Yes except semi-colon, comma and whitespace. | Never in names. Yes in values except semi-colon, comma and whitespace, double-quote and backslash. (semi-colon, etc. allowed in quoted values?) |
Always add expires | Enabled by default. Disabled by property. | TBD | Netsacpe uses expires. RFC2109 uses Max-Age. | Allows either, none or both. |
/ is separator | Enabled by default. Disabled by property. | TBD | Netscape allowed in names and values. RFC2109 allowed in values if quoted. | Allowed in values. |
Strict naming (definition?as per Servlet spec) | Enabled by default. Disabled by property. | TBD | Netscape allows names the Servlet spec does not. RFC2109 is consistent with the Servlet spec. | Consistent with the Servlet spec. |
Allow name only | Disabled by default. Enabled by property. | TBD | Netscape allowed and equals sign expected before empty value. RFC2109 not allowed. | Allowed but equals sign required before empty value. |
...