Which characters can I not use for cookie names?

2

I am developing a new authentication system, to reduce complexity and increase security. And I'm developing a system where some authentication cookies will have randomly generated names for each session.

My question is: Which character set should I not use for cookie names? Or what character set can I use for cookie names? I do not know which smallest set ...

I would like a browser-independent response.

    
asked by anonymous 28.08.2014 / 16:19

1 answer

3

In cookie names you must use any "printable" ASCII characters (% with% to% with% and with% with% with% with%), excluding% with%,% with%,% with% ! .

For values, the rule is almost the same except that you can use the ~ character in the value.

    
28.08.2014 / 16:29