I implemented a simple web site with a csrf secure cookie that is reset for each page showing a form. I assumed that simply setting the cookie with the same name and a new value would override the cookie in the client browser.
This assumption is correct as long as the url of the page is the same. To my surprise, when the url are different (same domain name), I end up with two cookies with the same name. I saw this behavior with chromium and firefox which can't be a coincidence. Note that I didn't specified the path when setting the cookie. I assumed that that the path would be "/" by default. The result is that the client browser is sending two cookies with the same name. Unfortunately, the standard lib returns only the first cookie. The Query method returns an array of values in case of multiple occurrence of the parameter name. It seam that the Cookie method should also return an array of value since we can also get multiple cookies with a same name. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/a950572f-dac3-4ec3-b823-83ad8808cc0en%40googlegroups.com.
