[Bug 62213] New: "Header append" description should mention that the Set-Cookie header is an exception to the standard.

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62213

            Bug ID: 62213
           Summary: "Header append" description should mention that the
                    Set-Cookie header is an exception to the standard.
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: tsteiner@nerdclub.net
  Target Milestone: ---

At https://httpd.apache.org/docs/current/mod/mod_headers.html#header where the
"add" and "append" actions are described, the reader is told to not set a
header multiple times, but instead to combine multiple header values into a
comma separated list.  This is normally correct.  However, RFC 6265 specifies
the following:

"An origin server can include multiple Set-Cookie header fields in a single
response."
and
"Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single
header field."

So, if the reader follows the documented advice and appends to an existing
Set-Cookie header, the results can be undesirable.  For example, I had an
existing cookie's domain attribute changed to that of the cookie I was
appending.  Could you please add a note that while "Header add" usually isn't
the correct choice, there's an exception for the "Set-Cookie" header?

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org