homepage

Well, as D.M.Kristol says: there are no any standard for this particular 
topic. And RFC is not any standard but a request for comments...
Personally I've been added a colon in Cookie.py for let Trac and other 
Python-based software stop crashing, because such sort of cookies are quite 
often appears. For some reason people treat a colon as a namespace separator, 
like in XML. Thus there are plenty of cookies like "section:key=value" you 
can meet quite often. But this is not a fix, but just quick local fix.
You also can find a lots of cookies that consists "[" and "]", slash, 
even a space that has been quoted as "%20", which means a "%" inside the
token -- just look what godaddy.com gives to you. :-)
So I see another problem here: there is not just a colon thing, but
implementation should be slightly different. Currently Python code
lists allowed chars. I am not sure it is correct way to implement.
Rather I would list disallowed chars (see example in Java).
Here is also an example how Ruby does the thing 
(see lib/webrick/cookie.rb):
------------------------------------------
def self.parse(str)
 if str
 ret = []
 cookie = nil
 ver = 0
 str.split(/[;,]\s+/).each{|x| # <--- Here you go.
 key, val = x.split(/=/,2)
 val = val ? HTTPUtils::dequote(val) : ""
 case key
 when "$Version"; ver = val.to_i
 when "$Path"; cookie.path = val
 when "$Domain"; cookie.domain = val
 when "$Port"; cookie.port = val
 else
 ret << cookie if cookie
 cookie = self.new(key, val)
 cookie.version = ver
 end
 }
 ret << cookie if cookie
 ret
 end
 end
------------------------------------------
I still have doubts that Cookie NAME is the same token, because
specs still disallows only comma, semi-colon and a space. Well, 
I don't know, but we can either stick to Request For Comments or 
we can behave as the rest of the world, avoiding future interference.
Would be nice to hear some comments on policies... Tim?