net/http: document that SetCookie name must be valid

[carbocation]

In net/http, before cookies are read, they are checked to ensure they have a valid name. However, when setting a cookie, an invalid name may be used; rather than being permitted, this should trigger an error.

There is further discussion on the gorilla sessions topic in which it was suggested that I raise this possibility here.

To answer the questions in the guidelines:
What version of Go are you using (go version)? 1.4
What operating system and processor architecture are you using? OS X 64-bit
What did you do? Created a cookie with an empty name (or spaces, or other invalid characters) and set it in a way that was seemingly successful.
What did you expect to see? I expected to see an error.
What did you see instead? I saw my cookie get set, but I could not read it (as its name is invalid, and correctly filtered out on the reading end of things).

[bradfitz]

I'm not sure there's anything to do here. We can't change the signature to return an error, and a panic would be unexpected.

This might just be "Status: Unfortunate".

Maybe we just add documentation to say that the cookie name must be valid on Set-Cookie.

[carbocation]

Your point is well taken. Documentation would be valuable - and I wonder if a signature change for 2.0 could be considered (if I am correctly recalling the go compatibility guarantees)?

[adg]

@carbocation sure, the http package will change dramatically in 2.0. Lots of improvements to be made with API changes.

[gopherbot]

CL https://golang.org/cl/11701 mentions this issue.