On Fri, Mar 7, 2014 at 10:25 PM, William A. Rowe Jr. <wmr...@gmail.com> wrote: > In working through this code, I realized that you may have multiple cookie > headers of multiple values for the same cookie name. > > Mark Thomas looked at the spec for me and determined they would be entirely > permissible by RFC 6265 S4.2.2. But today we simply log one and done.
I can't presume how far you plan to handle the multiple cookie headers, but should you handle "Cookie: name1=value1, name2=value2" as two distinct cookies (like comma separated headers defined by the HTTP RFC), it's good to know that most (if not all) user-agents won't, mostly because applications (cookie setters) won't either quote Set-Cookie values or attributes containing comma (double-quotes were not defined with cookies version 0). As a consequence, the above is commonly considered a single cookie named [name1] with value [value1, name2=value2]... Regards, Yann.