Rails encoding of cookie not compatible with JavaScript decodeURIComponent

Question

jquery.cookie retrieves value by using decodeURIComponent . https://github.com/carhartl/jquery-cookie/blob/master/jquery.cookie.js#L89

Rails stores cookie by calling

@set_cookies.each { |k, v| ::Rack::Utils.set_cookie_header!(headers, k, v) 
if write_cookie?(v) }

As you can see the rack util replaces whitespace with a plus sign.

https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L18

If I use encodeURIComponent of Javascript then the coded value for 'hello world' is

"hello%20world"

However rails is storing cookie value as

"hello+world"

Who is right?

Where can I see what the specifications says about storing cookie value.

Answer 1

Not sure if this question has been abandoned, but recently came across a similar issue myself.

Cookies are defined in RFC2109: http://www.ietf.org/rfc/rfc2109.txt The standard refers to RFC2068 for some definitions or special characters etc: http://www.ietf.org/rfc/rfc2068.txt

So far as I can tell, it only defines that you can't use reserved characters in the cookie values. It doesn't appear to define the encoding scheme that you must use. i.e. either is OK, as long as you do it consistently.

In your jQuery cookie code, you can specify the 'raw' option, which will not do the decodeURIComponent stuff, allowing you to decode it however you like.