C# – handling a comma inside a cookie value using .net’s (C#) System.Net.Cookie


I'm creating a client to visit a website and log in + do some tasks automatically, however they recently updated their cookies to (for whatever reason…) contain a comma inside their identification cookie.

So for example, the Cookie will have a value similar to this:


The problem is, according to msdn you can't use a comma nor a period inside a cookie's value. What I'm looking for is a way around this limitation, some way to make .net's Cookie's work nice with the commas. I've found that the server does send a 'SET-COOKIE' header to the client and I'm guessing that's what is being parsed, but that also seems to obviously give special meaning to commans and semicolons as well (thus the limitation of the class inside .NET itself).

But then how does a browser such as IE, Firefox, etc… handle the cookie properly (as they clearly do, since the website works fine in any browsers I've tested it with.) Is there maybe a way to force this behaviour in .NET?

Any help would be appreciated, thanks.

— EDIT —

some additional information:

My code looks something like this:

request = (HttpWebRequest)WebRequest.Create(URI); 
request.CookieContainer = Program.client.cookieJar;

Where cookieJar is defined in Program.client as:

CookieContainer cookieJar = new CookieContainer();

When i loop through and print out all the cookies in the CookieContainer, I get something like this: (cookies, in the format: "name" -> "value")

"normal_cookie" -> "i am the value" 
"messedup_cookie" -> "a" 
"bcdefghijklmnop" -> "" 

// What I should get is this: 
"normal_cookie" -> "i am the value" 
"messedup_cookie" -> "a,bcdefghijklmnop" 

The core of the problem seems to be that commas and semi colons are reserved characters in the SET-COOKIE header string…but then how do browsers handle this? I can probably parse the string myself but I don't know how to get around situations such as this one: (HTTP header, in the format: "name" -> "value")

"Set-Cookie" -> "messedup_cookie=a,bcdefghijklmnop; path=/; domain=.domain.com; expires=Sat, 15-Aug-2009 09:14:24 GMT,anothervariable=i am the value;"

As you can see, the expires section looks for a comma instead of a semicolon to differentiate itself from the next variable. As far as I can tell, it's in the format:

cookie1_var1=value; cookie1_var2=value,cookie2_var1=value; cookir2_var2=value

But if that's true, is there an elegant way to deal with commas that may occur inside one of the values?

Best Solution

According to the following article, you should consider UrlEncode and UrlDecode for storing values in cookies.

private void SetCookie()
    HttpCookie cookie = new HttpCookie("cookiename");
    cookie.Expires = DateTime.Now.AddMonths(24);
    cookie.Values.Add("name", Server.UrlEncode(txtName.Text));

private void GetCookie()
    HttpCookie cookie = Request.Cookies["cookiename"];
    if (cookie != null)
        txtName.Text = Server.UrlDecode(cookie.Values["name"]);

Don’t ever HTML encode a cookie in ASP.NET! It results in a yellow screen of death and an exception stating that the cookie contains dangerous characters.

MSDN also has an article on the subject.

ASP.NET does not encode or unencode cookies in UrlEncode format by default. As a result, you may encounter unexpected behavior in ASP.NET applications.