Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are multiple Cookie headers allowed in an HTTP request?

Tags:

http

cookies

Usually, a browser groups cookies into a single Cookie header, such as:

Cookie: a=1; b=2 

Does the standard allow to send these as separate headers, such as:

Cookie: a=1 Cookie: b=2 

Or do they always have to be on the same line?

like image 739
BenMorel Avatar asked Apr 30 '13 17:04

BenMorel


People also ask

Can a HTTP request have multiple headers?

A recipient MAY combine multiple header fields with the same field name into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field value to the combined field value in order, separated by a comma.

How many headers can an HTTP request have?

HTTP does not place a predefined limit on the length of each header field or on the length of the header section as a whole, as described in Section 2.5.

Is cookie a header in HTTP?

A cookie is an HTTP request header i.e. used in the requests sent by the user to the server. It contains the cookies previously sent by the server using set-cookies. It is an optional header.

Can you have multiple cookies with the same name?

If multiple cookies of the same name match a given request URI, one is chosen by the browser. The more specific the path, the higher the precedence. However precedence based on other attributes, including the domain, is unspecified, and may vary between browsers.


1 Answers

Chanced upon this page while looking for details on the topic. A quote from HTTP State Management Mechanism, RFC 6265 ought to make things clearer:

5.4. The Cookie Header

When the user agent generates an HTTP request, the user agent MUST NOT attach more than one Cookie header field.

It looks like the use of multiple Cookie headers is, in fact, prohibited!

like image 64
James Chong Avatar answered Sep 28 '22 04:09

James Chong