...
Requirement | Servlet | Netscape | RFC2109 | RFC6265 | |
Format of name | Must conform to RFC2109. Vendors may provide option to allow Netscape format | A sequence of characters excluding semi-colon, comma and white space. Browsers generally stop at first equals, | token | token | |
Format of value | The value can be anything the server chooses to send. With Version 0 cookies, values should not contain white space, brackets, parentheses, equals signs, commas, double quotes, slashes, question marks, at signs, colons, and semicolons. Empty values may not behave the same way on all browsers. | This string is a sequence of characters excluding semi-colon, comma and white space. | token | quoted-string | cookie-value |
Domain | String, per RFC2109 | domain=DOMAIN_NAME | "Domain" "=" value | "Domain=" domain-value | |
Path | String, per RFC2109 | path=PATH | "Path" "=" value | "Path=" path-value | |
Secure | boolean | secure | "Secure" | "Secure" | |
HttpOnly | boolean | N/A | N/A | "HttpOnly" | |
Expires | N/A | expires=DATE as "Wdy, DD-Mon-YYYY HH:MM:SS GMT" | N/A | "Expires=" sane-cookie-date | |
Max-Age | int in seconds | N/A | "Max-Age" "=" value | "Max-Age=" non-zero-digit *DIGIT | |
Comment | String | N/A | "Comment" "=" value | allowed by extension | |
Version | int (0 or 1) | N/A | "Version" "=" 1*DIGIT | allowed by extension | |
Extension | N/A | N/A | N/A | any CHAR except CTLs or ";" |
The RI defines a vendor system property "org.glassfish.web.rfc2109_cookie_names_enforced" (default true) that controls the characters permitted in the name argument. If true, RFC2616 separators (including "/") will trigger an IllegalArgumentException; if false, only comma, semicolon and space are considered invalid.
Current Implementation
Cookie
...