What are allowed characters in cookies?

Question

What are the allowed characters in both cookie name and value? Are they same as URL or some common subset?

Reason I\'m asking is that I\'ve recently hit some strange

Answer 1

If you are using the variables later, you'll find that stuff like path actually will let accented characters through, but it won't actually match the browser path. For that you need to URIEncode them. So i.e. like this:

  const encodedPath = encodeURI(myPath);
  document.cookie = `use_pwa=true; domain=${location.host}; path=${encodedPath};`

So the "allowed" chars, might be more than what's in the spec. But you should stay within the spec, and use URI-encoded strings to be safe.