When TIdCookie
is parsing a server-side cookie, it no longer removes quote characters from a quoted string in the cookie value. For instance, if a cookie is received as name="value"
, the resulting cookie value will now be "value"
instead of value
. This is more inline with the rules of RFC 6265.
A user was connecting to a server that was sending cookies containing escaped JSON quoted strings in the cookie values, ie name="{\"field\": \"value\"}"
, which TIdCookie
was truncating to {\
, breaking the server. Now those cookie values are parsed as the full "{\"field\": \"value\"}"
strings.
At this time, TIdCookie
still removes quotes from quoted strings in cookie attributes. For example, in name=value; Path="/path"
, the value of the Path attribute will be parsed out as /path
and not as "/path"
.