Hi Marc,

Thanks for the response.

Resending to include the mailing list, but also this reference for you.

https://tools.ietf.org/html/rfc6265#page-6

From the third paragraph in section 3: 

An origin server can include multiple Set-Cookie header fields in a single response.

So doing something like you proposed below, will not work for browsers. Browsers expect to get multiple set-cookie headers from web server responses. You have to uses a Map that supports having multiple keys of the same name.

Foo = Bar
>> Foo = Baz
>>
>> becomes
>>
>> Foo = Bar, Baz

Thanks
Stephen


On Fri, Apr 13, 2018 at 7:10 AM, Marc Savy <marc.savy@redhat.com> wrote:
I can now now recall the details on this.

In short, this issue is only apparent on the Servlet implementation
and should work fine on the Vert.x Gateway.

I'll try to fix it for the Servlet implementations, also.

I'll report back to this thread shortly.

Regards,
Marc

On 13 April 2018 at 13:38, Marc Savy <marc.savy@redhat.com> wrote:
> Incidentally, my reference for that is:
>
>    http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 and
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2
>
> Which I discovered in turn from
>     https://stackoverflow.com/a/4371395
>
> Just asking whether this works for you, because I believe some
> applications (incorrectly, AFAICT) can't cope with this.
>
> On 13 April 2018 at 13:36, Marc Savy <marc.savy@redhat.com> wrote:
>> Hi Stephen,
>>
>> Interesting issue. Is this on the Servlet or Vert.x gateway implementation?
>>
>> I think we might be able to work around it by appending same-key
>> values into a single value.
>>
>> i.e.
>>
>> Foo = Bar
>> Foo = Baz
>>
>> becomes
>>
>> Foo = Bar, Baz
>>
>> Would that be acceptable for you?
>>
>> I'll have to investigate how the underlying platforms handle this
>> case. I have a vague memory of working on something in this area
>> before, so I'll have to dig in to see what the state of things is.
>>
>> Regards,
>> Marc
>>
>> On 13 April 2018 at 01:31, Stephen Henrie <stephen@chassi.com> wrote:
>>>
>>> Hi all,
>>>
>>> I have a service that needs to return multiple set-cookie headers back to
>>> the requesting browser, but I am only seeing one set-cookie header being
>>> returned from apiman. Has anyone else tried this or know of any issues
>>> returning multiple headers of the same name but with different values?
>>>
>>> This multiple set-cookie headers in the response scenario is commonly
>>> supported by web servers and browsers.
>>>
>>> Thanks in advance.
>>>
>>> Stephen
>>>
>>>
>>>
>>> _______________________________________________
>>> Apiman-user mailing list
>>> Apiman-user@lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>