Jim Jagielski Wed, 24 Mar 2004 09:10:44 -0800
The core issue with this bug is that we trample on any pre-existing Set-Cookie headers by "willy-nilly" overwriting our response header with that generated by the origin server. Should we honor existing Set-Cookie headers, or is that non-compliant?