httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: Logging multiple values for the same cookie name?
Date Fri, 07 Mar 2014 22:50:20 GMT
On Fri, Mar 7, 2014 at 10:25 PM, William A. Rowe Jr. <> wrote:
> In working through this code, I realized that you may have multiple cookie
> headers of multiple values for the same cookie name.
> Mark Thomas looked at the spec for me and determined they would be entirely
> permissible by RFC 6265 S4.2.2.  But today we simply log one and done.

I can't presume how far you plan to handle the multiple cookie
headers, but should you handle "Cookie: name1=value1, name2=value2" as
two distinct cookies (like comma separated headers defined by the HTTP
RFC), it's good to know that most (if not all) user-agents won't,
mostly because applications (cookie setters) won't either quote
Set-Cookie values or attributes containing comma (double-quotes were
not defined with cookies version 0).

As a consequence, the above is commonly considered a single cookie
named [name1] with value [value1, name2=value2]...


View raw message