On Sat, Mar 8, 2014 at 12:06 AM, William A. Rowe Jr. <wmr...@gmail.com> wrote: > > On Mar 7, 2014 4:50 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote: >> >> On Fri, Mar 7, 2014 at 10:25 PM, William A. Rowe Jr. <wmr...@gmail.com> >> wrote: >> > In working through this code, I realized that you may have multiple >> > cookie >> > headers of multiple values for the same cookie name. >> > >> > Mark Thomas looked at the spec for me and determined they would be >> > entirely >> > permissible by RFC 6265 S4.2.2. But today we simply log one and done. >> >> I can't presume how far you plan to handle the multiple cookie >> headers, but should you handle "Cookie: name1=value1, name2=value2" as >> two distinct cookies (like comma separated headers defined by the HTTP >> RFC), it's good to know that most (if not all) user-agents won't, >> mostly because applications (cookie setters) won't either quote >> Set-Cookie values or attributes containing comma (double-quotes were >> not defined with cookies version 0). >> >> As a consequence, the above is commonly considered a single cookie >> named [name1] with value [value1, name2=value2]... > > Did you mean comma? Or semicolon?
Comma yes. Semicolon is the only de facto cookie separator.