[patch included] multiple headers of the same name overwrite the previous header (cookies)

[GoogleCodeExporter]

If a website sends more than one Set-Cookie header, only the last one will be 
kept as Response() stores them as individual keys of the same name.

in __init__.py, class Response(dict), about line 1169

CHANGE:
        if isinstance(info, http.client.HTTPResponse):
            for key, value in info.getheaders(): 
                self[key.lower()] = value

TO:
        if isinstance(info, http.client.HTTPResponse):
            for key, value in info.getheaders():
                key_lower = key.lower()
                if key_lower in self and key_lower == 'set-cookie':
                    """ blindly ignore RFC and append value to existing
                    header.  some headers such as Set-Cookie, are not comma
                    separated, they are semicolon separated -- just do it  
                    """
                    self[key_lower] += '; '+value
                else:
                    self[key_lower] = value

also applicable to the two elifs following.

Original issue reported on code.google.com by firefigh...@gmail.com on 29 Apr 2011 at 5:59

• Merged into: #11

[GoogleCodeExporter]

http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2

    "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma."

any http header is allowed to be present more than once as long as its value 
can be specified as a comma separated list, so this isn't at all specific to 
cookies.

http://tools.ietf.org/html/rfc2965#page-11

    cookie          =  "Cookie:" cookie-version 1*((";" | ",") cookie-value)

cookies within a single header can be separated by semi-colons OR commas, so 
they fit the bill for compaction into a single header, but it should be done 
with commas.

patch attached (uses commas, applies the rule to any header that shows up more 
than once)

Original comment by travis.p...@gmail.com on 27 May 2011 at 11:01

Attachments:

• multiheader.diff

[GoogleCodeExporter]

upload.py'd

http://codereview.appspot.com/4528105/

Original comment by travis.p...@gmail.com on 28 May 2011 at 12:08

[GoogleCodeExporter]

Issue 144 has been merged into this issue.

Original comment by joe.gregorio@gmail.com on 6 Jun 2011 at 8:17

[GoogleCodeExporter]

i'm curious about the use of commas.  i've been watching my Set-Cookie 
responses as i visit websites etc, and am seeing the use of semi-colons only.  
granted, i have my personal tastes in websites, but my experience suggests that 
the use of semicolons would be more expected from app developers.

Original comment by firefigh...@gmail.com on 9 Jun 2011 at 3:12

[GoogleCodeExporter]

Original comment by joe.gregorio@gmail.com on 13 Jun 2011 at 5:51

• Changed state: Duplicate

[GoogleCodeExporter]

httplib.HTTPMessage is already doing what my patch does, though joining by ", " 
instead of " , ".

I used spaces on both sides because in cursory testing with chrome I found that 
was required for it to recognize that they are separate cookie key value pairs. 
Semi-colons are much more commonly used for separating cookies so a 
cookie-specific solution (rather than "any repeated headers", which httplib is 
doing) may be in order for this.

Original comment by travis.p...@gmail.com on 13 Jun 2011 at 7:18

[GoogleCodeExporter]

it appears the cookie specific solution is needed because some servers use 
commas in their expire time.  the use of semicolons does appear to dominate, 
probably because of this.

Original comment by firefigh...@gmail.com on 17 Jun 2011 at 5:29

[GoogleCodeExporter]

If a website sends more than one Set-Cookie header, only the last one will be 
kept as Response() stores them as individual keys of the same name.

in __init__.py, class Response(dict), about line 1169

CHANGE:
        if isinstance(info, http.client.HTTPResponse):
            for key, value in info.getheaders(): 
                self[key.lower()] = value

TO:
        if isinstance(info, httplib.HTTPResponse):
            for key, value in info.getheaders():
                key_lower = key.lower()
                if key_lower == 'set-cookie':
                    value = value.replace('/, ','/; ')                
                self[key_lower] = value

Original comment by francois...@gmail.com on 16 Dec 2012 at 7:36