Hi, let me correct my last post:
1. The standard is RFC 6265, but many people are used to url-encode. url-encoding is the common answer on lists & discussion-groups. 2. I didn't expressed clearly that i also want Hunchentoot to validate AND throwing an error when validation fails. 3. The given http-cookie-value-p is wrong. (doesn't honor the fact that it is allowed to wrap the Token in Doubleqoutes (#x22). 4. your example shows that the decision is not a matter of performance versus simplicity, it's about correctness.
So i vote for a correct implementation, validating the value and throwing an appropriate error.
Ralf