PHP cookie special chars

I'm storing multiple information in cookies in j开发者_StackOverflowavascript. The information pieces are separated by a "+" sign, like document.cookie ='cookie1'+'='+inf1+'+'+inf2.

But when I'm echoing out these cookies from PHP, the separating "+" sign is replaced with a space.

I've tried to echo with addslashes, didn't work. When I'm alerting the the cookie from JS it's alright, it shows the separating "+" sign.

Anyone out there knows a solution for this?

That’s weird — there is no specification that states a cookie should be treated as application/x-www-form-urlencoded:

• Netscape’s original draft stated:

  NAME=VALUE
  

  This string is a sequence of characters excluding semi-colon, comma and white space. If there is a need to place such data in the name or value, some encoding method such as URL style %XX encoding is recommended, though no encoding is defined or required.

  So this is the plain percent-encoding.

• RFC 2109 states:

  cookie          =       NAME "=" VALUE *(";" cookie-av)
  NAME            =       attr
  VALUE           =       value
  

  Where attr and value are specified as:

  attr            =       token
  value           =       word
  word            =       token | quoted-string
  

  And token and quoted-string are specified in HTTP/1.1 and can be represented by these regular expressions respectively:

    [!#$%&'*+\-.0-9A-Za-z^_`|~]+
    "([ \x21\x23-\x7E\x80-\xFF]|(\r\n)?[ \t]+|\\[\x00-\x7F])*"
  

  So this isn’t application/x-www-form-urlencoded either but a different format preferred by HTTP-based extensions.

• RFC 2965 doesn’t specify anything different than RFC 2109 regarding the cookie syntax:

  cookie          =       NAME "=" VALUE *(";" set-cookie-av)
  NAME            =       attr
  VALUE           =       value
  

Thus the +, that is only is replaced in application/x-www-form-urlencoded, should not be replaced by a space in cookies. So this is a wrong behavior by PHP.

I know it's not new issue, but for those, who also runs to this problem, here's my solution:

To solve this error use escaped characters instead!

At http://www.w3schools.com/jsref/jsref_escape.asp it says:

This function encodes special characters, with the exception of: * @ - _ + . /

So it means you can insert these characters to the cookie, but won't be able to retrieve through PHP. PHP just and only accepts escaped ASCII chars like '%2B' for '+' '%2A' for '*' etc. Check the Hx column here: http://www.asciitable.com/

So how i solved it (quick and dirty) is that i tried to insert escaped data to the cookie:

function setCookie(c_name,value,exdays){
      var exdate=new Date();
      var n_value = escape(value).replace(/[+]/g,"%2B").replace(/[*]/g,"%2A").replace(/[@]/g,"%40").replace(/[-]/g,"%2D").replace(/[_]/g,"%5F").replace(/[.]/g,"%2E").replace(/[/]/g,"%2F");
      exdate.setDate(exdate.getDate() + exdays);
      var c_value = n_value + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
      document.cookie=c_name + "=" + c_value;
    }

this escapes the rest of the characters, then replace the exceptions ( +-_@*./ ). It's dirty and I'm pretty sure it can be done someway else, like regexp...etc, but it works for now.

Try it, you'll be satisfied with it!

You could replace + with it's url code %2B.

document.cookie = 'cookie1' + '=' + inf1 + '%2B' + inf2;

You should also encode inf1 and inf2 if they might contain unencoded strings (if they're numbers, it's fine). Just search google for "JavaScript urlencode"