Brief Notes on HTTP Cookie with Javascript and Unicode

Cookies are very useful, but they basically suck as they're just an ASCII string bounced between the server and the browser. RFC 2965 has standardised then, but they're still icky. You're best off avoiding them, storing per user data on the servers-side and having permanent session cookies with just a SUID.

If you want handle cookies with javascript and correctly handle unicode:

  • The JS functions escape/unescape are evil. They do not have server-side equivalents in most languages. And they do not encode unicode properly.
  • Base64 encoding is elegant. It turns everything in a nice 7-bit ASCII string. There aren't any native javascript functions for it though. You might not want to add them to your code if your existing JS libraries don't provide them.
  • Javascript has functions (en|de)codeURIComponent() which en/decode strings to the usual%20URL%20format. This is a little more bulky that Base64. These functions also aren't implemented on pre-IE5.5 browsers.

Note if your taking values from the hash-bit of a URL: location.hash is inconsistant, use location.href instead. See