Validate cookie name

options.go

@@ -4,6 +4,7 @@ import (
 	"crypto"
 	"encoding/base64"
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"regexp"
@@ -200,6 +201,7 @@ func (o *Options) Validate() error {
 	}
 
 	msgs = parseSignatureKey(o, msgs)
+	msgs = validateCookieName(o, msgs)
 
 	if len(msgs) != 0 {
 		return fmt.Errorf("Invalid configuration:\n  %s",
@@ -261,6 +263,14 @@ func parseSignatureKey(o *Options, msgs []string) []string {
 	return msgs
 }
 
+func validateCookieName(o *Options, msgs []string) []string {
+	cookie := &http.Cookie{Name: o.CookieName}
+	if cookie.String() == "" {
+		return append(msgs, fmt.Sprintf("invalid cookie name: %q", o.CookieName))
+	}
+	return msgs
+}
+
 func addPadding(secret string) string {
 	padding := len(secret) % 4
 	switch padding {

options_test.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"crypto"
+	"fmt"
 	"net/url"
 	"strings"
 	"testing"
@@ -216,3 +217,17 @@ func TestValidateSignatureKeyUnsupportedAlgorithm(t *testing.T) {
 	assert.Equal(t, err.Error(), "Invalid configuration:\n"+
 		"  unsupported signature hash algorithm: "+o.SignatureKey)
 }
+
+func TestValidateCookie(t *testing.T) {
+	o := testOptions()
+	o.CookieName = "_valid_cookie_name"
+	assert.Equal(t, nil, o.Validate())
+}
+
+func TestValidateCookieBadName(t *testing.T) {
+	o := testOptions()
+	o.CookieName = "_bad_cookie_name{}"
+	err := o.Validate()
+	assert.Equal(t, err.Error(), "Invalid configuration:\n"+
+		fmt.Sprintf("  invalid cookie name: %q", o.CookieName))
+}