Zend\Http\Header\SetCookie changed to support empty cookies

[ghost]

$keyValue is receiving value with '=' when the cookie is empty.

Issue #5475

[Maks3w]

Please add a unit test too

[ClemensSahs]

I write some tests for this problem, I'm sorry to say this patch is not working.

currently I'm try to fix this in every case its possible

all following case we must detect correctly

array(
'Set-Cookie: emptykey=  ; Domain=docs.foo.com;', // current failing
'Set-Cookie: emptykey=; Domain=docs.foo.com;',
'Set-Cookie: emptykey; Domain=docs.foo.com;'
);

is there a some other one?

[ClemensSahs]

currently your patch run at this CI-Job

[ClemensSahs]

In my mind a fix in the else branch is only a workaround, we have the if branch to cover all keyValuePairs:

• regular values
• with spaces
• empty but with "="

the else branch will be for tags like "httponly" or "secure"

what is your opinion?

[ghost]

I agree with you. I had not realized it.

The current regex have a plus sign to match headerValue '#^(?P[^=]+)=\s*("?)(?P[^"]+)\2#'
Plus attempt to match the preceding token once or more times, so it doesnt match empty strings.

I'll revert the past changes and change the regex to '#^(?P[^=]+)=\s_("?)(?P[^"]_)\2#'
Star attempt to match the preceding token zero or more times, so it will match empty strings.

[ClemensSahs]

@Maks3w
tests are implement and run fine
this PR is ready for merge

[jcq]

Any word on this getting merged? For what it's worth, I had a similar problem, and this appears to have fixed it.

[ralphschindler]

I suppose it is fine for parsing needs that this particular class be a bit more liberal than the spec. But for the record, I don't see anywhere in the cookie spec that says values can be empty: https://www.ietf.org/rfc/rfc2109.txt

[ClemensSahs]

@ralphschindler
The actually RFC is 6265 at this point 3.1 we see a empty definition to remove the cookie.