Looking at org.apache.cxf.jaxrs.impl.NewCookieHeaderProvider.toString() it seems CXF does not have check about the cookie version. So if we have special character which is only allowed in version 1 cookie, there will be an issue.
+1 for this change. Iris Ding -- View this message in context: http://cxf.547215.n5.nabble.com/Version-1-NewCookie-is-not-compliant-with-RFC-2109-tp5764367p5764500.html Sent from the cxf-dev mailing list archive at Nabble.com.
