You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Set-Cookie header can occur multiple times but does not adhere to the list syntax, and thus is not well supported by the header field value concatenation rules.
The text was updated successfully, but these errors were encountered:
Upon further investigation, I believe that combining multiple Set-Cookie fields within a signature is actually fine. The resulting value is not able to be reliably parsed, but it doesn't need to be! The canonicalized value is simply the concatenated string with defined separators between the individual values. The fact that the result is not itself a valid header value for Set-Cookie is weird, and should be called out, but I don't believe it actually negatively affects the signature process.
The Set-Cookie header can occur multiple times but does not adhere to the list syntax, and thus is not well supported by the header field value concatenation rules.
The text was updated successfully, but these errors were encountered: