I did some thinking and research following ZF-1850, and it seems that currently, Zend_Http_Client and Zend_Http_Cookie are a bit problematic when it comes to encoding cookie values.
Currently, we are urlencode()ing all cookie values. Apparently this is not a problem when PHP is on the other side (PHP automatically decodes this) but is a problem with other handlers. It is also not required by the RFC (there is no real standard for cookies, but semi-official documents do not require encoding - they only disallow some characters). The reason I used urlencode() is because I thought that since setcookie() encodes cookie values this way, it is some kind of de-facto standard. Apparently it is not. To allow raw cookie values (a-la setrawcookie()), I see two options: 1. Stop encoding all together, and only disallow some characters which are incorrectly handled at the other side (those are ";", "\r" and "\n" as far as I can tell. This will be the simplest approach, and might or might not break some applications - I have to test this more thoroughly. 2. Allow for an encoding callback to be set as a configuration option for Zend_Http_Client and Zend_Http_CookieJar, and as a parameter for Zend_Http_Cookie->getValue(). This will allow more flexibility, but will make things a bit more cumbersome under the hood. Also, there is always the question of what to use by default. Any thoughts, suggestions or objections are welcome. TIA, Shahar.
signature.asc
Description: This is a digitally signed message part
