Reputation: 1476
Is it acceptable to have multiple `set-cookie` headers in an HTTP/2 stream?
I'm proxying HTTP/2 client -> HTTP/1.1 server, and I'm not sure how to handle multiple set-cookie in the response.
I believe set-cookie is the only header which is allowed to be set multiple times for HTTP/1.1 - is this the case for HTTP/2 as well?
If I receive set-cookie multiple times in the HTTP/1.1 response, how do I send that back to the client over HTTP/2? Can I merge it together into a single header, or do I need to send multiple set-cookie headers back via HTTP/2.0?
Upvotes: 2
Views: 3622
Answers (1)
Reputation: 18597
The HTTP/2 specification specifies how to handle cookies in this section.
It is the case for HTTP/2 as well that set-cookie is allowed to be set multiple times - its format would not allow otherwise.
A client receiving multiple set-cookie headers may send multiple cookie headers, or may concatenate them.
The server receiving multiple cookie headers must concatenate them
before invoking an application.
Upvotes: 4
Related Questions
- Difference between set-cookie2 and set-cookie
- Adding multiple Set-Cookie Headers in ASP.NET Web
- Are multiple Cookie headers allowed in an HTTP request?
- Set multiple cookies in Apache
- How to correctly handle multiple Set-Cookie headers in Hyper?
- Should packed cookies be treated as a single cookie?
- Multiple Set-cookie headers in HTTP
- Are there HTTP headers that could reasonably be present multiple times?
- Is it possible to set more than one cookie with a single Set-Cookie?
- Can setcookie in PHP result in multiple "Set-Cookie" headers?