Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Quoted cookie value in Set-Cookie header #1170
However, the header syntax described in RFC 6265, section 4.1.1 does not seem to specify such behavior. While not stated explicitly, the surrounding quotes are meant to remain part of the cookie value.
Preserving the quotes appears consistent with Firefox, IE, and presumably other browsers. There are also server applications that break when these quotes are stripped off.
I am proposing to modify the parser to align it with the browser behavior. (I will be happy to implement the change but some discussion might be in order.)
...will be parsed as: