[Apiman-user] Apiman returning only a single set-cookie header in response

Stephen Henrie stephen at chassi.com
Fri Apr 13 12:22:25 EDT 2018 

Hi Marc,

Thanks for the response.

Resending to include the mailing list, but also this reference for you.

https://tools.ietf.org/html/rfc6265#page-6

>From the third paragraph in section 3:

An origin server can include multiple Set-Cookie header fields in a
single response.


So doing something like you proposed below, will not work for browsers.
Browsers expect to get multiple set-cookie headers from web server
responses. You have to uses a Map that supports having multiple keys of the
same name.

Foo = Bar
>> Foo = Baz
>>
>> becomes
>>
>> Foo = Bar, Baz

Thanks
Stephen


On Fri, Apr 13, 2018 at 7:10 AM, Marc Savy <marc.savy at redhat.com> wrote:

> I can now now recall the details on this.
>
> In short, this issue is only apparent on the Servlet implementation
> and should work fine on the Vert.x Gateway.
>
> I'll try to fix it for the Servlet implementations, also.
>
> I'll report back to this thread shortly.
>
> Regards,
> Marc
>
> On 13 April 2018 at 13:38, Marc Savy <marc.savy at redhat.com> wrote:
> > Incidentally, my reference for that is:
> >
> >    http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 and
> > http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2
> >
> > Which I discovered in turn from
> >     https://stackoverflow.com/a/4371395
> >
> > Just asking whether this works for you, because I believe some
> > applications (incorrectly, AFAICT) can't cope with this.
> >
> > On 13 April 2018 at 13:36, Marc Savy <marc.savy at redhat.com> wrote:
> >> Hi Stephen,
> >>
> >> Interesting issue. Is this on the Servlet or Vert.x gateway
> implementation?
> >>
> >> I think we might be able to work around it by appending same-key
> >> values into a single value.
> >>
> >> i.e.
> >>
> >> Foo = Bar
> >> Foo = Baz
> >>
> >> becomes
> >>
> >> Foo = Bar, Baz
> >>
> >> Would that be acceptable for you?
> >>
> >> I'll have to investigate how the underlying platforms handle this
> >> case. I have a vague memory of working on something in this area
> >> before, so I'll have to dig in to see what the state of things is.
> >>
> >> Regards,
> >> Marc
> >>
> >> On 13 April 2018 at 01:31, Stephen Henrie <stephen at chassi.com> wrote:
> >>>
> >>> Hi all,
> >>>
> >>> I have a service that needs to return multiple set-cookie headers back
> to
> >>> the requesting browser, but I am only seeing one set-cookie header
> being
> >>> returned from apiman. Has anyone else tried this or know of any issues
> >>> returning multiple headers of the same name but with different values?
> >>>
> >>> This multiple set-cookie headers in the response scenario is commonly
> >>> supported by web servers and browsers.
> >>>
> >>> Thanks in advance.
> >>>
> >>> Stephen
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Apiman-user mailing list
> >>> Apiman-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/apiman-user
> >>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20180413/f237342a/attachment-0001.html

More information about the Apiman-user mailing list