1

Resolved

Multiple cookies and Set-Cookie headers

description

Current implementation has issue with cookies.

When you invoke

response.Headers.Add("Set-Cookie", "a=b;Path=/;");
response.Headers.Add("Set-Cookie", "c=d;Path=/;");

Actually only one Set-Cookie header is sent with comma-separated cookies.
Set-Cookie:a=b;Path=/;,c=d;Path=/;,e=f;Path=/;

But no browsers understand such syntax (it's against RFC6265).

And actually only first cookie is set.

For more details and code examples see
http://stackoverflow.com/questions/11533867/set-cookie-header-with-multiple-cookies

comments

HenrikN wrote Jul 25, 2012 at 10:05 AM

I assume you are seeing this in selfhost? WCF has a limitation (I don't know exactly why) for only sending one Set-Cookie header field which is likely what you are seeing.

However, Web API supports cookies directly in a manner that allows you to have multiple "cookies" within one Set-Cookie header. You can see a description of how to use it in this blog [1]. You can also see the API directly here [2]

Thanks,

Henrik

[1] http://blogs.msdn.com/b/henrikn/archive/2012/04/23/using-cookies-with-asp-net-web-api.aspx
[2] http://aspnetwebstack.codeplex.com/SourceControl/changeset/view/1ccfcdfc11da#src%2fSystem.Net.Http.Formatting%2fHttpResponseHeadersExtensions.cs

Sign in to add a comment or to set email notifications