Éric Araujo added the comment:
I don’t know that longer is the right think to look at here, but rather more
specific. Unless I’m mistaken, a cookie for test.com is not read on
demo.test.com; it would need to be for .test.com to be read (and in that case
the specificity rules in the spec
New submission from IYism :
E.g:
Set-Cookie: a=1; Domain=test.com; Path=/
Set-Cookie: a=2; Domain=demo.test.com; Path=/
Browser send Cookie: a=2; a=1
According to the agreed specification, a=2 should be read first, not a=1
But the wrong behavior of python is that the cookie reads a=1