I faced a problem. When you add multiple Set-Cookie headers to the response headers.Add(Set-Cookie,

Question

0

Editorial Team

Asked: June 8, 20262026-06-08T13:38:05+00:00 2026-06-08T13:38:05+00:00

I faced a problem. When you add multiple Set-Cookie headers to the response headers.Add(Set-Cookie,

0

I faced a problem.

When you add multiple Set-Cookie headers to the response

headers.Add("Set-Cookie", "a=b;Path=/;");
headers.Add("Set-Cookie", "c=d;Path=/;");

actually they are combined and only one header is sent with comma-separated cookies

Set-Cookie: a=b;Path=/;,c=d;Path=/;

According to RFC2109 it is a valid syntax.
But it is not according to RFC6265, which deprecates RFC2109

Moreover latest browsers does not support this comma-separated syntax as well. Tested on IE9, Firefox 13 and Google Chrome 20.

All of these browsers took first cookie only.

Please see the sample project below

https://github.com/mnaoumov/cookie-bug/

I want to find some workaround.

I expect to have two different Set-Cookie headers.

I tried to write some MessageInspector to rewrite HTTP headers. I could not find how to access that headers.

Any ideas?

P.S. Used technology: Web API

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-08T13:38:08+00:00

Editorial Team

2026-06-08T13:38:08+00:00Added an answer on June 8, 2026 at 1:38 pm

According to answer on codeplex (http://aspnetwebstack.codeplex.com/workitem/288) this issue is known issue and related to WCF self-hosting and should be fixed by moving to IIS hosting.

This is WCF 4 issue which marked as won’t fix.

Found another question with the same outcome WCF 4.0 Cookie Only First is Recorded by Browser.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I faced a problem. When you add multiple Set-Cookie headers to the response headers.Add(Set-Cookie,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply