currently I have read the RCF 6265 chapter 4.1.1 about the syntax of set-cookie headers. In 4.1.1 in the text:
Each cookie begins with
a name-value-pair, followed by zero or more attribute-value pairs.
Servers SHOULD NOT send Set-Cookie headers that fail to conform to
the following grammar:
An in the list of grammar ther is the entry:
token = <token, defined in [RFC2616], Section 2.2>
In my opinion that means, that it is possible to save a JWT in a Cookie, but as I keep on reading, I didn't found a documentation about this field. Also on Wikipedia I didn't found this field.
Am I wrong with my opinion or? Or is it possible to save a JWT (JWE, JWS) in a cookie? Because on the PHP set_cookie()-Method I also can't find this "Token" field. Or is is also best practice to save the token in a cookie to and set the JWT into the value of set_cookie()-Method?