You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into
a single header field. The usual mechanism for folding HTTP headers
fields (i.e., as defined in [RFC2616]) might change the semantics of
the Set-Cookie header field because the %x2C (",") character is used
by Set-Cookie in a way that conflicts with such folding.
set-cookie headers should not include comma separated values -- however, with PR #693 this is enabled comma separated values for all headers, including set-cookie, which breaks browser parsing of set-cookie headers.
The text was updated successfully, but these errors were encountered:
According to http://tools.ietf.org/html/rfc6265#section-3
set-cookie headers should not include comma separated values -- however, with PR #693 this is enabled comma separated values for all headers, including set-cookie, which breaks browser parsing of set-cookie headers.
The text was updated successfully, but these errors were encountered: