Should cookie values be URL encoded?
Yes. While it’s not required per the spec, the following is mentioned in RFC6265 (emphasis is in the original document, not added) To maximize compatibility with user agents, servers that wish to store arbitrary data in a cookie-value SHOULD encode that data, for example, using Base64 [RFC4648]. In my experience, most web frameworks and libraries … Read more