apache / openwhisk

Apache OpenWhisk is an open source serverless cloud platform
https://openwhisk.apache.org/
Apache License 2.0

Web actions should not have a set-cookie header #2408

Closed akrabat closed 7 years ago

akrabat commented 7 years ago

When calling a web action via HTTP, I should not see a Set-Cookie header.

i.e. when this action:

func main(args: [String:Any]) -> [String:Any] {
    return [
        "headers": [
            "X-Clacks-Overhead": "GNU Terry Pratchett"
        ],
        "body": "<h1>Hello world!</h1>",
    ]
}

is uploaded to OpenWhisk with: wsk action update htmltest html.swift --web true, I get the output:

$ curl -i https://openwhisk.ng.bluemix.net/api/v1/web/19FT_dev/default/htmltest
HTTP/1.1 200 OK
X-Backside-Transport: OK OK
Connection: Keep-Alive
Transfer-Encoding: chunked
Server: nginx/1.11.13
Date: Wed, 21 Jun 2017 14:08:00 GMT
Content-Type: text/html
X-Clacks-Overhead: GNU Terry Pratchett
X-Client-IP: 81.132.67.186
X-Global-Transaction-ID: 1385362991
Set-Cookie: DPJSESSIONID=PBC5YS:1663067204; Path=/; Domain=.whisk.ng.bluemix.net

<h1>Hello world!</h1>

The Set-Cookie: header shouldn't be there. Arguably, the Server header shouldn't be either, as it leaks information.
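A check for the behaviour reported above, as an added example that is not part of the original post or the OpenWhisk project: it parses a captured `curl -i` response and lists every header that neither the action nor basic HTTP framing accounts for. The function names and the `TRANSPORT_HEADERS` allow-list are assumptions made for illustration.

```python
# Response quoted in the issue, embedded so the check runs offline.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
X-Backside-Transport: OK OK
Connection: Keep-Alive
Transfer-Encoding: chunked
Server: nginx/1.11.13
Date: Wed, 21 Jun 2017 14:08:00 GMT
Content-Type: text/html
X-Clacks-Overhead: GNU Terry Pratchett
X-Client-IP: 81.132.67.186
X-Global-Transaction-ID: 1385362991
Set-Cookie: DPJSESSIONID=PBC5YS:1663067204; Path=/; Domain=.whisk.ng.bluemix.net

<h1>Hello world!</h1>
"""

# Headers the Swift action itself returns.
ACTION_HEADERS = {"x-clacks-overhead"}
# Assumption: framing headers any HTTP front end may add without concern.
TRANSPORT_HEADERS = {"connection", "transfer-encoding", "content-length",
                     "content-type", "date"}
# The two headers the report objects to, with the reason given there.
OBJECTIONABLE = {"set-cookie": "cookie the action never set",
                 "server": "leaks front-end software and version"}

def parse_headers(raw):
    """Return [(name, value)] from a raw HTTP/1.x response, duplicates kept."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def audit(raw, action_headers=ACTION_HEADERS):
    """List headers produced by neither the action nor HTTP framing."""
    findings = []
    for name, value in parse_headers(raw):
        key = name.lower()
        if key in action_headers or key in TRANSPORT_HEADERS:
            continue
        reason = OBJECTIONABLE.get(key, "added by an intermediary")
        findings.append((name, value, reason))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(SAMPLE_RESPONSE):
        print(f"{name}: {value}  <- {reason}")
```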

rabbah commented 7 years ago

This is coming from Bluemix, not OpenWhisk. I'll see if there's an appropriate repo to move this to.

akrabat commented 7 years ago

Ah yeah, I remember now. You've told me this before. Sorry.

rabbah commented 7 years ago

I've mirrored this in Bluemix and am going to close.