One of the bugs I tracked down a couple months ago dealt with the different ways in which ASP and Java handle URL encoding in a cookies. ASP automatically encodes and decodes cookie values (without you telling it too even though it the Server object has a method ‘URLEncode’ which does the same job) while Java requires that you explicity use the URLDecoder and URLEncoder, otherwise it sends the cookie values without encoding them first, which in my case lead to an interoperability problem (one assumes URL encoding of cookie values, one doesn’t). <\/p>\n
But then it gets weirder. The encoding that ASP automatically applies is different than the encoding that Java applies. For example, in ASP you’d write something like this to set a cookie with my email address: … applies URL encoding rules, including escape characters, to a specified string.\n<\/p><\/blockquote>\n (which could be a teensy bit more helpful, must have been a programmer writing that documentation). On the other hand, the Java URLEncoder class documenation<\/a> says that the special characters “.”, “-“, “*”, and “_” are not to be encoded according to the HTML specification<\/a>, which itself cites RFC 1738<\/a> which says:<\/p>\n \n…the special characters “$-_.+!*'(),”, and reserved characters used for their reserved purposes may be used unencoded within a URL.\n<\/p><\/blockquote>\n which seems to me to imply that the ASP Cookie object is wrong (ie: it should leave the period alone in the email address). And beyond that, it’s pretty aggressive in assuming that I want to encode the data in my cookies. Am I missing something? How do other languages (PHP, Python, Perl, etc..) implement the same functionality? Aren’t web applications fun?<\/p>\n","protected":false},"excerpt":{"rendered":" One of the bugs I tracked down a couple months ago dealt with the different ways in which ASP and Java handle URL encoding in a cookies. ASP automatically encodes and decodes cookie values (without you telling it too even though it the Server object has a method ‘URLEncode’ which does the same job) while … Continue reading ASP, Java, Cookies and URLEncode<\/span>
\n
\nResponse.cookies(\"encoded\") = \"ajohnson@cephas.net\"
\n<\/code>
\nwhich would then result in this:
\n
\najohnson%40cephas%2Enet
\n<\/code>
\nwhere in Java you’d have something like this:
\n
\nString email = \"ajohnson@cephas.net\";
\nString encoded = URLEncoder.encode(email, \"UTF-8\");
\nres.addCookie(new Cookie(\"encoded\", encoded););
\n<\/code>
\nwhich results in this:
\n
\najohnson%40cephas.net
\n<\/code>
\nSo why does ASP encode the period as %2E and Java leave it alone? The Microsoft documentation for the ASP Server object contains very little documentation about the URLEncode<\/a> method other than to say that the URLEncode method <\/p>\n