Set-Cookie with multiple values doesn't work

RESOLVED INCOMPLETE

Status

()

Core
Networking: Cookies
RESOLVED INCOMPLETE
11 years ago
5 years ago

People

(Reporter: Mark Nottingham, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

HTTP requires that multiple instances of the same header be able to be combined into one header. E.g.,

Foo-Header: 1
Foo-Header: 2

is equivalent to 

Foo-Header: 1, 2

However, Mozilla does not recognise any cookie set after the first one in a single Set-Cookie header line.

This puts a burden on upstream implementations (server-side and intermediary); they have to either treat set-cookie specially, or not combine headers at all. This makes writing HTTP header libraries difficult, for example.

Reproducible: Always

Steps to Reproduce:
1. Send a Set-Cookie header to Firefox with more than one cookie on a line.
2. Examine the cookies in Mozilla's cookie jar and/or those that it sends back to the server.

Actual Results:  
Only the first cookie is sent, unless there are no parameters, in which case the second cookie is treated as part of the first.

Expected Results:  
Each cookie is set properly.

Both Safari and Opera handle this correctly. I haven't tested IE yet.

Comment 1

10 years ago
we normally handle this case just fine, so something trickier must be going on here...

please follow the instructions at this url to create a cookie log demonstrating
the problem, and attach it to this bug.

http://www.mozilla.org/projects/netlib/cookies/cookie-log.html
not enough information
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.