I'm trying to pass an array from my backend to the frontend on a cookie. To do this, I'm converting the array to a stringified json object, and passing that as the value on a Symfony\Component\HttpFoundation\Cookie. The frontend is then converting the string back to a json object using javascript's decodeURIComponent

When the Cookie is stringified and attached as a header on the response, it is encoding the cookie value using urlencode(), which doesn't follow RFC 3986, instead of using rawurlencode() which does follow RFC 3986. The difference is that spaces are encoded as + instead of %20.

The decodeURIComponent adheres to RFC 3986, meaning that when I decode the cookie, I then have to parse the values to replace +s with spaces, which obviously isn't ideal.

Is there a reason that it's using urlencode instead of rawurlencode? Off the top of my head, I can't think of why it would be necessary, but it's possible I'm missing something. I'd be happy to change it and submit a PR, but I wanted to get others' thoughts and input.