Open yeliex opened 6 months ago
I had this same issue implementing Authentication with an example found in a popular youtube video. Then I had undesired results in the server where the session was never deleted as there were 2 session set-cookie added.
Based on https://www.rfc-editor.org/rfc/rfc6265#section-4.1.1
"The portions of the set-cookie-string produced by the cookie-av term are known as attributes. To maximize compatibility with user agents, servers SHOULD NOT produce two attributes with the same name in the same set-cookie-string. (See Section 5.3 for how user agents handle this case.)"
Nextjs shouldn't combine or return multiple cookies with the same value. They should be overwritten before sending it back in the response.
Link to the code that reproduces this issue
https://github.com/yeliex/stackblitz-starters-kfmrzz
To Reproduce
then open
${host}/api/test
, open dev-tools or read terminal output, you would findset-cookie
headers.Current vs. Expected behavior
Expected
Current
Provide environment information
Which area(s) are affected? (Select all that apply)
Not sure
Which stage(s) are affected? (Select all that apply)
next dev (local), Other (Deployed)
Additional context
when set multi cookie with same name, it would merged into one
set-cookie
header, then when response to client, only the last one remains