Usually, a browser groups cookies into a single Cookie
header, such as:
Cookie: a=1; b=2
Does the standard allow to send these as separate headers, such as:
Cookie: a=1 Cookie: b=2
Or do they always have to be on the same line?
A recipient MAY combine multiple header fields with the same field name into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field value to the combined field value in order, separated by a comma.
HTTP does not place a predefined limit on the length of each header field or on the length of the header section as a whole, as described in Section 2.5.
A cookie is an HTTP request header i.e. used in the requests sent by the user to the server. It contains the cookies previously sent by the server using set-cookies. It is an optional header.
If multiple cookies of the same name match a given request URI, one is chosen by the browser. The more specific the path, the higher the precedence. However precedence based on other attributes, including the domain, is unspecified, and may vary between browsers.
Chanced upon this page while looking for details on the topic. A quote from HTTP State Management Mechanism
, RFC 6265 ought to make things clearer:
5.4. The Cookie Header
When the user agent generates an HTTP request, the user agent MUST NOT attach more than one Cookie header field.
It looks like the use of multiple Cookie
headers is, in fact, prohibited!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With