I am developing a new authentication system, to reduce complexity and increase security. And I'm developing a system where some authentication cookies will have randomly generated names for each session.
My question is: Which character set should I not use for cookie names? Or what character set can I use for cookie names? I do not know which smallest set ...
I would like a browser-independent response.