Changelog

Small change to Cookie parsing

When TIdCookie is parsing a server-side cookie, it no longer removes quote characters from a quoted string in the cookie value.  For instance, if a cookie is received as name="value", the resulting cookie value will now be "value" instead of value.  This is more inline with the rules of RFC 6265.

A user was connecting to a server that was sending cookies containing escaped JSON quoted strings in the cookie values, ie name="{\"field\": \"value\"}", which TIdCookie was truncating to {\, breaking the server. Now those cookie values are parsed as the full "{\"field\": \"value\"}" strings.

At this time, TIdCookie still removes quotes from quoted strings in cookie attributes.  For example, in name=value; Path="/path", the value of the Path attribute will be parsed out as /path and not as "/path".

Leave a Reply

Your email address will not be published. Required fields are marked *