Forum Discussion

gnomemade_16346's avatar
gnomemade_16346
Icon for Nimbostratus rankNimbostratus
Mar 17, 2015

Adding spaces between semicolon seperated cookie elements

I'm using the following irule to add secure/httpOnly attributes to cookies:

when HTTP_RESPONSE {

foreach aCookie [HTTP::cookie names] {
        set ck_value [HTTP::cookie value $aCookie]
        set ck_path [HTTP::cookie path $aCookie]
        HTTP::cookie remove $aCookie
        HTTP::cookie insert name $aCookie value $ck_value path $ck_path version 1
        HTTP::cookie httponly $aCookie enable
        HTTP::cookie secure $aCookie enable
        }
}

It's doing what I want but the resulting cookie looks like this with no spaces after the semicolons:

Set-Cookie:.ASPXAUTH=xxxxxxxxxxxxxxxxxxx;Secure;HttpOnly;Path=/;Version=1;

Everything is working as it should but not having a space after the semicolons makes it a little harder to read and I can't seem to find any info if no spaces is acceptable from a standards perspective.

Can anyone tell me if having no spaces is ok from a standards / compatibility standpoint and if there is an easy way to add a space after each semicolon?

  • Hi,

    Based on RFC6265 http://tools.ietf.org/html/rfc6265section-5.2 Section 5.2, Step 5 then RFC says to strip the white space characters. Having no spaces should be find from a standards point of view.

    
    The user agent MUST use an algorithm equivalent to the following
       algorithm to parse the unparsed-attributes:
    
       1.  If the unparsed-attributes string is empty, skip the rest of
           these steps.
    
       2.  Discard the first character of the unparsed-attributes (which
           will be a %x3B (";") character).
    
       3.  If the remaining unparsed-attributes contains a %x3B (";")
           character:
    
         Consume the characters of the unparsed-attributes up to, but
              not including, the first %x3B (";") character.
    
           Otherwise:
    
           Consume the remainder of the unparsed-attributes.
    
           Let the cookie-av string be the characters consumed in this step.
    
       4.  If the cookie-av string contains a %x3D ("=") character:
    
           The (possibly empty) attribute-name string consists of the
              characters up to, but not including, the first %x3D ("=")
              character, and the (possibly empty) attribute-value string
              consists of the characters after the first %x3D ("=")
              character.
    
           Otherwise:
    
           The attribute-name string consists of the entire cookie-av
              string, and the attribute-value string is empty.
    
       5.  Remove any leading or trailing WSP characters from the attribute-
           name string and the attribute-value string.
    
       6.  Process the attribute-name and attribute-value according to the
           requirements in the following subsections.  (Notice that
           attributes with unrecognized attribute-names are ignored.)
    
       7.  Return to Step 1 of this algorithm.
    
    

    -Seth