Author Grzegorz Sikorski
Recipients Grzegorz Sikorski
Date 2016-10-06.15:01:12
I have a use case when the server sends two cookies in separate `Set-Cookie` headers. One of the cookies includes a `,` (comma). It seems this is not handled properly, as the library always tries to fold multiple headers with the same name into a single comma-separated string. While this is valid for other header fields, `Set-Cookie` should never be folded, as RFC 6265 says:
   Origin servers SHOULD NOT fold multiple Set-Cookie header fields into
   a single header field.  The usual mechanism for folding HTTP headers
   fields (i.e., as defined in [RFC2616]) might change the semantics of
   the Set-Cookie header field because the %x2C (",") character is used
   by Set-Cookie in a way that conflicts with such folding.
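
The ambiguity described in this report, as an added example that is not part of the original message: it assumes Python's standard `http.client.parse_headers` as the parser and a constructed response in which the comma comes from an `Expires` date. The helper names are hypothetical.

```python
import io
from http.client import parse_headers

# Constructed sample headers (not from the report): two Set-Cookie fields,
# the first carrying a comma inside its Expires attribute.
RAW = (
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT; HttpOnly\r\n"
    b"Set-Cookie: theme=dark; Secure\r\n"
    b"\r\n"
)
MSG = parse_headers(io.BytesIO(RAW))


def unfolded(msg):
    """One list entry per Set-Cookie header field, as RFC 6265 expects."""
    return msg.get_all("Set-Cookie", [])


def folded_then_split(msg):
    """Fold the fields into one comma-separated string, then split on ','
    the way a consumer of an ordinary list-valued header would."""
    folded = ", ".join(unfolded(msg))
    return [part.strip() for part in folded.split(",")]


def cookie_names(values):
    """Text before the first '=' of each value's leading name=value pair."""
    return [v.split(";", 1)[0].split("=", 1)[0].strip() for v in values]


def has_attribute(value, attribute):
    """True if a cookie string carries the attribute (case-insensitive)."""
    attrs = [a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]]
    return attribute.lower() in attrs


if __name__ == "__main__":
    print("unfolded:", cookie_names(unfolded(MSG)))
    print("folded  :", cookie_names(folded_then_split(MSG)))
    # After folding, the fragment that still names "session" has lost HttpOnly.
    print("HttpOnly kept (unfolded):", has_attribute(unfolded(MSG)[0], "HttpOnly"))
    print("HttpOnly kept (folded)  :", has_attribute(folded_then_split(MSG)[0], "HttpOnly"))
```

Reading the fields individually yields two cookies; folding and re-splitting yields three fragments, and the `session` fragment no longer carries its `HttpOnly` attribute.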
