New lines in header values about agoo HOT 11 CLOSED

Let me look into it. Agoo may not be converting the \n to a ; on the way out. It is in the outgoing direction you are referring to, right?

from agoo.

It's outgoing, but it shouldn't be converting \n to a ;. It should convert e.g. this:

Set-cookie:foo=bar;
foo2=bar2;
foo3=bar3;

Into this:

Set-Cookie:foo=bar;
Set-Cookie:foo2=bar2;
Set-Cookie:foo3=bar3;

from agoo.

I believe this is also conformant:

Set-Cookie:foo=bar;foo2=bar2;foo3=bar3

Are there some issues with that approach that I'm not aware of?

from agoo.

Yeah, it's not conformant because semicolons are used as directive separators in the Set-Cookie header (the MDN page has some examples).

Other HTTP headers (e.g. the Link header) implement a "list" style where values can be separated with commas, but since the e.g. Expires directive contains a comma, Set-Cookie can't use that format either. Per RFC 6265, section 3:

Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in RFC2616) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.

Based on that, it's my understanding that multiple Set-Cookies are needed.

from agoo.

Fair enough. I'll take that approach.

from agoo.

Awesome, thank you so much!

from agoo.

If it can wait a week or two I'd like to release with the new feature I'm working on of GraphQL subscription support. I'll have the fix in this weekend if you can live off the develop branch until the next release.

from agoo.

No problem, I can wait. Thanks again

from agoo.

It looks like this was fixed with 6228b64 and release with 2.10.0, yeah?

from agoo.

Yes indeed.

from agoo.

You're the man, thank you!

from agoo.