Multiple 'Set-Cookie' headers in one response
See original GitHub issueIs it possible to have multiple ‘Set-Cookie’ headers in one response? As is known there are two ways to set cookies header in the response: - Having separated headers - Folding into 1 header and using comma separated
The later way however is deprecated in (RFC6265)[http://www.rfc-editor.org/rfc/rfc6265.txt] and not supported by some latest browsers.
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into
a single header field. The usual mechanism for folding HTTP headers
fields (i.e., as defined in [RFC2616]) might change the semantics of
the Set-Cookie header field because the %x2C (",") character is used
by Set-Cookie in a way that conflicts with such folding.
So that below can be valid:
responses:
200:
description: "Response with content"
headers:
Set-Cookie:
type: String
description: "eg. key1=value1"
Set-Cookie:
type: String
description: "eg. key2=value2"
Issue Analytics
- State:
- Created 6 years ago
- Reactions:8
- Comments:15 (5 by maintainers)
Top Results From Across the Web
Multiple Set-cookie headers in HTTP - Stack Overflow
Servers SHOULD NOT include more than one Set-Cookie header field in the same response with the same cookie-name. I would therefore be very...
Read more >Set-Cookie - HTTP - MDN Web Docs
The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent...
Read more >Multiple Set-Cookie Headers: same-name headers
I am able to get the VALUES of both set-cookie headers by using: setcookie.get_value_by_name(beresp, “<cookie_name>”). I have been unable to get ...
Read more >63434 – Multiple Cookie headers combined to one comma ...
No, multiple cookies are fine in the same header... but separated by semicolon, not comma. Comment 3 Yann Ylavic 2019-05-15 11:18:19 UTC.
Read more >URL Fetch cannot get multiple cookie headers [35887589]
Yes, it's a bug. The response contains multiple headers, so the library should return those headers as they are in the response and...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I got rid of this problem with this one simple trick:
just surround the next same header by quotation marks and add null char at the beginning.
result:
@RobDolinMS Also, you can’t have multiple
cookie
headers in the request. As per RFC 6265 S5.4: