Description
This issue was originally filed by [email protected]
1:
In the current HttpHeaders implementation,
response.headers.set("Set-Cookie", "text = HelloWorld");
response.headers.add("Set-Cookie", "text = AnotherHelloWorld");
or
response.headers.add("Set-Cookie", "text = HelloWorld");
response.headers.add("Set-Cookie", "text = AnotherHelloWorld");
creates a single set-cookie header consisting of two comma-separated cookies (Set-Cookie folded), such as:
set-cookie: text = HelloWorld, text = AnotherHelloWorld
The recent RFC 6265 Section 3 says:
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.
From the viewpoint of long-term sustainability, it might be better to generate one "Set-Cookie" header for each headers.set or headers.add call.
2:
I just completed a cookie-based HttpSessionManager library which is almost equivalent to the HttpSession interface of Java Servlet. It works fine so far. It would be nice if dart:io had this kind of HttpSession interface (including URI-rewrite-based sessions as well) and the following methods were included in the HttpRequest interface:
getSession
getRequestedSessionId
isRequestedSessionIdValid
To try my cookie-based HttpSessionManager library:
(1) From https://gist.github.com/2755552, download and decompress the archive, and rename the folder to something like HttpSessionLibrary.
(2) Open the folder from Dart Editor.
(3) Run HttpSessionTestServer.dart or SimpleShoppingCartServer.dart as a server.
(4) Access the server from your browser as http://localhost:8080/SessionTest or http://localhost:8080/GooSushi
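
An added example for item 1 (not part of the original report and not dart:io code): a simplified version of the RFC 6265 Section 5.2 user-agent parse, showing what a receiver makes of a folded Set-Cookie value and why splitting on "," cannot undo the folding. The function names and the `sid` cookie are assumptions made for illustration.

```dart
// Added illustration, not dart:io code: a simplified RFC 6265 section 5.2
// user-agent parse, applied to folded and unfolded Set-Cookie values.

/// Parses ONE Set-Cookie value: the text before the first ';' is the
/// name-value pair, the rest are attributes. A ',' is never a separator.
Map<String, Object> parseSetCookie(String value) {
  final parts = value.split(';');
  final pair = parts.first;
  final eq = pair.indexOf('=');
  if (eq < 0) throw FormatException('no "=" in name-value pair', value);
  final attrs = <String, String>{};
  for (final raw in parts.skip(1)) {
    final i = raw.indexOf('=');
    final key = (i < 0 ? raw : raw.substring(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? '' : raw.substring(i + 1).trim();
  }
  return {
    'name': pair.substring(0, eq).trim(),
    'value': pair.substring(eq + 1).trim(),
    'attributes': attrs,
  };
}

/// One header line per cookie, as RFC 6265 section 3 recommends.
List<String> unfoldedLines(List<String> cookies) =>
    [for (final c in cookies) 'set-cookie: $c'];

void main() {
  const a = 'text = HelloWorld'; // from the report
  const b = 'text = AnotherHelloWorld'; // from the report
  const c = 'sid=abc; Expires=Wed, 09 Jun 2021 10:18:14 GMT'; // constructed

  // Folded: the second cookie ends up inside the first cookie's value.
  print(parseSetCookie('$a, $b'));

  // Splitting a folded line on ',' to recover cookies breaks on the comma
  // inside the Expires date: the second piece has no name-value pair.
  for (final piece in '$c, $a'.split(',')) {
    try {
      print(parseSetCookie(piece));
    } on FormatException catch (e) {
      print('rejected "${piece.trim()}": ${e.message}');
    }
  }

  // Unfolded: one header line per cookie, so no comma ambiguity arises.
  unfoldedLines([c, a, b]).forEach(print);
}
```

Under this parse, any attributes written after a folded cookie (for example HttpOnly or Secure on the second cookie) attach to the first cookie name, which is why session cookies in particular should each get their own header line.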