Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to set more than one cookie with a single Set-Cookie?

Tags:

One HTTP Set-Cookie directive can only hold one cookie, is it right? I mean, one single name=value pair?

like image 534
lovespring Avatar asked May 21 '10 06:05

lovespring

People also ask

How do I set more than one cookie?

With JavaScript, to set more than one cookie, set document. cookie more than once using the; separator.

Can one user have multiple cookies?

Yes, one domain can generate many cookies. The maximum number varies by browser.

Can there be 2 cookies with same name?

If multiple cookies of the same name match a given request URI, one is chosen by the browser. The more specific the path, the higher the precedence. However precedence based on other attributes, including the domain, is unspecified, and may vary between browsers.

Can you have multiple set-cookie headers?

The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.

1 Answers

The original cookie specification of Netscape (see this cached version) does not say anything about listing multiple cookie declarations.

But as of Set-Cookie as defined by RFC 2109 allows a comma separated list of cookie declaration:

Informally, the Set-Cookie response header comprises the token Set-Cookie:, followed by a comma-separated list of one or more cookies. Each cookie begins with a NAME=VALUE pair, followed by zero or more semi-colon-separated attribute-value pairs.

The same applies to Set-Cookie2 as defined by RFC 2965:

Informally, the Set-Cookie2 response header comprises the token Set-Cookie2:, followed by a comma-separated list of one or more cookies. Each cookie begins with a NAME=VALUE pair, followed by zero or more semi-colon-separated attribute-value pairs.

But since most user agents still follow Netscape’s original specification, I would rather suggest to just declare each cookie with its own Set-Cookie header field.

This is also what the latest RFC 6265 reflects:

Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.

like image 184
Gumbo Avatar answered Sep 30 '22 11:09

Gumbo
Sign in to Comment

Related questions

How to increase the timeout to a web service request?
T-SQL Pivot? Possibility of creating table columns from row values
What is the security risk of object reflection?
Comparison between variables pointing to same Integer object
How do I capitalize the first letter of a word in Vim?
Most Strange IIS Windows Authentication behavior
How does Litmus track their email analytics?
Database design for storing food recipes
What does -- do in Excel formulas?
How to memset() memory to a certain pattern instead of a single byte?
Looking for an elegant and efficient C++ matrix library [closed]
how to resume an interrupted download - part 2

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!