Persistent cookies from a servlet in IE

Question

I have a cookie which is generated from a servlet and that I would like to be persistent - that is, set the cookie, close down IE, start it back up, and still be able to re

Answer 1

This http://www.mail-archive.com/users@tomcat.apache.org/msg52249.html has the answer, but doesn't really explain why.

That is, by encoding @ (which is an unacceptable character in version 0 cookies), the cookie sent in the response has it's version set to 0 (acceptable to IE) rather than 1 (a different format and therefore unacceptable IE).

My issue was the sort of the same. We were Base64 encoding our cookie value and sending it down. However, Base64 includes characters like '=' ... which is again illegal in version 0 and thereby unacceptable to IE.

The mystery that remains for me is: some part of the stack is 'smart' enough to recognize that the cookie value is invalid as a version 0 cookie and decides to send the response as a version 1 cookie (which includes explicit version number, the "unacceptable" characters, max-age rather than expires field, etc.) I don't know if it's Tomcat, Faces, Spring or javax.servlet which makes the decision to flip the version.

Bottom line: URI encoding on the value of the cookie will ensure the cookie set to the browser is version 0 and therefore persisted by IE.