Cookie::format_for_[header|set_cookie](): unexpected behaviour for key/value when empty

[jrfnl]

Summary

Discovered while writing tests, see #740

The Cookie class takes the required $name and $value` parameters. These parameters are accepted "blindly". The only validation being done is checking that a string has been passed.

This can lead to surprising - and possibly incorrect - results when those cookies are formatted.

Given the following code sample

$cookie = new Cookie('', '');
var_dump($cookie->format_for_header()); // (string) '='
var_dump($cookie->format_for_set_cookie()); // (string) '='

$cookie = new Cookie('key-only', '');
var_dump($cookie->format_for_header()); // (string) 'key-only='
var_dump($cookie->format_for_set_cookie()); // (string) 'key-only='

$cookie = new Cookie('', 'value-only');
var_dump($cookie->format_for_header()); // (string) '=value-only'
var_dump($cookie->format_for_set_cookie()); // (string) '=value-only'

I'd expect the following behaviour

• For both an empty key as well as an empty value, I'd expect the return to be an empty string (or an Exception).
• For key only, I think the behaviour is correct.
• For value only, I suspect the return value should be value-only (without the =).

Alternatively, I can imagine that a non-empty value for the key should be regarded as invalid and rejected with an exception when the Cookie is being constructed.

Additional context

This may need some research into RFCs on how cookies should be formatted.

Tested against develop branch?

• [x] I have verified the issue still exists in the develop branch of Requests.