RFC 6265 mandates that all cookies be placed in a single Cookie HTTP header: When the user agent generates an HTTP request, the user agent MUST NOT attach more than one Cookie header field.
Spring HTTP Client (using SimpleHttpClient) does not follow this requirement, which can break application using multiple cookies.
In my own tests, Apache https tends to be quite lenient, whereas IIS strictly follows RFC 6265.
Fixing this bug in client (application) code is quite difficult, since those classes are package-private, final, and their state is private.
Hence this should really be taken care of in Spring Framework.
Affects: 3.2.11, 4.1 GA
#16787 HttpHeaders should accept empty Content-Type header
Actually, since Spring doesn't seem to set the Cookie header itself anywhere, I suppose you are programmatically adding several Cookie headers yourself? Could you - as a workaround - manually merge those header values into the same line and set it as such?