PHP - setrawcookie() returns false

Question

I'm currently trying to connect with my project's RESTful API, using it's SignIn function, which returns an authorization token to use as a cookie. Most of our project is written in C#, but I'm trying to create a SignIn method in PHP and have been running into an issue.

I've managed to fetch the authorization token as a string back from the API, however everytime I try and set that string as the value of a cookie, the cookie I get back has incorrect characters in it.

For example, the cookie that is set for SignIn on our RESTful API looks like this:

1DEbKeyynVTbXeRJ2i5j2+UgwgmuD17VgQ

However the cookie I get when using setcookie() gives me...

1DEbKeyynVTbXeRJ2i5j2%2BUgwgmuD17VgQ

The "+" character is being turned into a "%2B". I've heard of using setrawcookie() as a solution to this, however my setrawcookie() returns false where setcookie() returns true.

This doesn't work:

$result = curl_exec($ch);
echo setrawcookie("authtoken", $result, 0, "/", "www.arbitratum.com", 1);

This DOES work, but gives me the %2B in place of +.

$result = curl_exec($ch);
echo setcookie("authtoken", $result, 0, "/", "www.arbitratum.com", 1);

Does anyone have any idea why this might not be working? Or how I can get the correct characters in my cookie? When I echo the $result string, the string that displays in my browser uses the correct "+" character, so I'm really confused as to what the issue is.

Answer 1

Cookies are url encoded, so when send via HTTP + gets replaced by %2B, to comply with the specification every browser and backend server knows (or shuold know) how to handle that.

So the question would be how you're handling the cookie in C#... are you simply reading the header information from the request, then you should remember to url decode the values, this way you'll get back the string containing the + character.