Multiple cookies with the same name may appear in the cookie store

[dmapr]

I think the problem is in the way the new cookies are processed, specifically merging in the old values. If a new cookie comes in with the same name as an existing one the output will contain both the old and the new value.

Also, the code

            RawHeaders dump = new RawHeaders();
            dump.setStatusLine("HTTP/1.1 200 OK");
            for (HttpCookie cookie: cookies) {
                dump.add("Set-Cookie", cookie.getName() + "=" + cookie.getValue());
            }

looks "dangerous" in general since it discards all of the original cookie's attributes -- domain, path, expiration, etc.

[koush]

May need to revert or rework that change.

[victorhaggqvist]

Yep, this is a problem. Especially since I happened to deal with a api that use cookie auth. Meanwhile, a workaround for now that is good enougth for me is to run new CookieMiddleware(context,"ion").clear(); before every session to start fresh and not get multiple key cookies. Thought it may help someone.

[bramley-turner-stride]

I've encountered this too. It's possibly a problem with the java.net.CookieManager (tested on android 4.4, 6.0): steps to reproduce:

HashMap<String,List<String>> headers = new HashMap<>();
headers .put("set-cookie", Func.toList("_session_id=123"));
manager.put(uri, headers );

(this is basically the process when Ion cookies are restored from SharedPreferences) ---then---

HashMap<String,List<String>> headers = new HashMap<>();
headers .put("set-cookie", Func.toList("_session_id=456; path=/; HttpOnly"));
manager.put(uri, headers );

Now there are two cookies for the key _session_id: result: _session_id=123 _session_id=456

edit: the solution here https://github.com/koush/ion/issues/279 fixed my problem