If ALLOW_HTTP_SEPARATORS_IN_V0 is true, then setting a value for a V1 cookie containing a separator results in an invalid value per the V1 specification. For example, Cookie cookie = new Cookie("foo", "a=b"); cookie.setVersion(1); will create a header of the form: Set-Cookie: foo=a=b; Version=1 which is not a valid header per RFC2109. Because the version is specifically set to 1 the property should be ignored as this is not a V0 cookie. The result after auto-quoting would be Set-Cookie: foo="a=b"; Version=1 Alternatively this could result an IAE because the value «a=b» is not a token or quoted-string and hence not valid in a V1 cookie.
This has been fixed in 8.0.x for 8.0.15 onwards.