What is going on with the following cookie:
"=value"
In Chrome and Firefox this is identical to:
"value"
i.e. the value for empty cookie name becomes a cookie name.
Is there any official reason for this behavior?
Asked
Active
Viewed 2,396 times
3 Answers
1
The cookie RFC standards are a bit vague and contradictory in places, and have also changed behaviour over various revisions. Consequently, the browsers also have varying behaviour as far as the requirements for cookies. So in short, for some browsers an empty cookie name is fine, for others not. If this is an app you're building (that you want to work across the various browsers) then you'd be probably safest setting a cookie name.
https://www.rfc-editor.org/rfc/rfc6265#section-5.2
5. If the name string is empty, ignore the set-cookie-string
entirely.
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-05#section-5.3
2. If the name-value-pair string lacks a %x3D ("=") character, then
the name string is empty, and the value string is the value of
name-value-pair.
Otherwise, the name string consists of the characters up to, but
not including, the first %x3D ("=") character, and the (possibly
empty) value string consists of the characters after the first
%x3D ("=") character.
jonrsharpe
- 115,751
- 26
- 228
- 437
Buffoonism
- 1,669
- 11
- 11
0
I stumbled upon the same question today.
To clarify the answer of @buffoonism ...
https://stackoverflow.com/a/72250741/2323764
The set-cookie header must be ignored.
codekandis
- 712
- 1
- 11
- 22