Is the name of a cookie case sensitive?

Question

A HTTP Cookie consists of a name-value pair and can be set by the server using this response:

HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: name=value
         


        

Answer 1

Cookie names are case-sensitive. The RFC does not state that explicitly, but each case-insensitive comparison is stated so explicitly, and there is no such explicit statement regarding the name of the cookie. Chrome and Firefox both treat cookies as case-sensitive and preserve all case variants as distinct cookies.

Test case (PHP):

print_r($_COOKIE);

setcookie('foo', '123');
setcookie('Foo', '456');

Load script twice, observe $_COOKIE dump on second run.