net/http: cookie name can't contain "[" and "]"

[mlaraluna]

Golang 1.8, Ubuntu 16.04 64 Bit, Golang cannot using [ and ] for cookie name. for example
ck1 := http.Cookie{
Name: "[id]",
Value: "12345",
HttpOnly: true,
}
http.SetCookie(w, &ck1)

it will not be set,

it happen in httpserver and http client, for example this website ricardoalcala.com will set cookies that contain [ and ] in cookies name, if i make http request using cookiejar that cookie will not be save.

[bradfitz]

/cc @odeke-em @nigeltao @vdobler

[vdobler]

From https://tools.ietf.org/html/rfc6265#section-4.1.1: cookie-name is a "token2 defined
in https://tools.ietf.org/html/rfc2616#section-2.2 which is:

token          = 1*<any CHAR except CTLs or separators>
separators     = "(" | ")" | "<" | ">" | "@"
                  | "," | ";" | ":" | "\" | <">
                  | "/" | "[" | "]" | "?" | "="
                  | "{" | "}" | SP | HT

So: works as intended as a valid cookie-name must contain neither "[" nor "]".

If ricardoalcala.com really tries to set cookies with [ or ] in the name, then it is
the fault of ricardoalcala.com. In that case it is still possible to access, parse
and handle the Set-Cookie header by hand and implement non-standard
behaviour.