> On 19 Jan 2016, at 8:27 pm, Anne van Kesteren <ann...@annevk.nl> wrote: > > I thought this was important for cookies (that they could not be > combined), but there's nothing in RFC 7230 that supports that.
The relevant bit is <http://httpwg.github.io/specs/rfc7230.html#rfc.section.3.2.2> """ Note: In practice, the "Set-Cookie" header field ([RFC6265]) often appears multiple times in a response message and does not use the list syntax, violating the above requirements on multiple header fields with the same name. Since it cannot be combined into a single field-value, recipients ought to handle "Set-Cookie" as a special case while processing header fields. (See Appendix A.2.3 of [Kri2001] for details.) """ It doesn't talk explicitly about Cookie. Reminder - we (the HTTP WG) are talking about re-opening the cookie spec to do surgery; if you have suggestions on improvements (and this might be a good place), see: http://www.w3.org/mid/faf2c2e8-0a6a-4c34-b4c4-57190aae1...@mnot.net -- Mark Nottingham https://www.mnot.net/