Menu
A HTTP Cookie consists of a name-value pair and can be set by the server using this response:
HTTP/1.0 200 OK Content-type: text/html Set-Cookie: name=value Set-Cookie: name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT Future requests from the client will then look like this:
GET /spec.html HTTP/1.1 Host: www.example.org Cookie: name=value; name2=value2 Is the name of the cookie case sensitive?
For example, if my server sends a response as such:
HTTP/1.0 200 OK Content-type: text/html Set-Cookie: Aaaa=Bbbb Set-Cookie: aAaa=bBbb Set-Cookie: aaAa=bbBb Set-Cookie: aaaA=bbbB Is it reasonable to expect a client (Chrome, FireFox, Safari, IExplorer, Opera, etc) to send future requests with the header Cookie: Aaaa=Bbbb; aAaa=bBbb; aaAa=bbBb; aaaA=bbbB;?
Note: Question is neither JSP-specific, PHP-specific, nor ASP-specific.
409
The header value for Set-Cookie header is case-sensitive. The header field value for the Connection header is case-insensitive.
There are two policies for SameSite attribute, defined by its values (case-insensitive): Strict and Lax.
The request method is case-sensitive. The method token is case-sensitive because it might be used as a gateway to object-based systems with case-sensitive method names.
Cookie names are case-sensitive. The RFC does not state that explicitly, but each case-insensitive comparison is stated so explicitly, and there is no such explicit statement regarding the name of the cookie. Chrome and Firefox both treat cookies as case-sensitive and preserve all case variants as distinct cookies.
Test case (PHP):
print_r($_COOKIE); setcookie('foo', '123'); setcookie('Foo', '456'); Load script twice, observe $_COOKIE dump on second run.
144
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
