Don't collapse Set-Cookie header values
Closed this issue · 0 comments
fukamachi commented
This would be a problem mainly of parsing an HTTP response.
RFC 2109 is saying:
An origin server may include multiple Set-Cookie headers in a
response. Note that an intervening gateway could fold multiple such
headers into a single header.
However, It is very common an attribute "Expires" contains "," in its value like "Wed, 04 Mar 2015 07:05:42 GMT".
In RFC 6265, which deprecates RFC 2109, Set-Cookie header can have only single Cookie in its value.