Cookie#cookie_value too should quote values if necessary.

lib/http/cookie.rb

@@ -545,7 +545,7 @@ class HTTP::Cookie
   # Returns a string for use in a Cookie header value,
   # i.e. "name=value".
   def cookie_value
-    "#{@name}=#{@value}"
+    "#{@name}=#{Scanner.quote(@value)}"
   end
   alias to_s cookie_value
 
@@ -559,7 +559,7 @@ class HTTP::Cookie
     origin = origin ? URI(origin) : @origin or
       raise "origin must be specified to produce a value for Set-Cookie"
 
-    string = "#{@name}=#{Scanner.quote(@value)}"
+    string = cookie_value
     if @for_domain
       string << "; Domain=#{@domain}"
     end

lib/http/cookie/scanner.rb

@@ -23,7 +23,7 @@ class HTTP::Cookie::Scanner < StringScanner
   class << self
     def quote(s)
       return s unless s.match(RE_BAD_CHAR)
-      '"' << s.gsub(RE_BAD_CHAR, "\\\\\\1") << '"'
+      '"' << s.gsub(/([\\"])/, "\\\\\\1") << '"'
     end
   end
 

test/test_http_cookie.rb

@@ -390,6 +390,16 @@ class TestHTTPCookie < Test::Unit::TestCase
     end
   end
 
+  def test_cookie_value
+    [
+      ['foo="bar  baz"', 'bar  baz'],
+      ['foo="bar\"; \"baz"', 'bar"; "baz'],
+    ].each { |cookie_value, value|
+      cookie = HTTP::Cookie.new('foo', value)
+      assert_equal(cookie_value, cookie.cookie_value)
+    }
+  end
+
   def test_set_cookie_value
     url = URI.parse('http://rubyforge.org/')