
Are duplicate cookie names allowed? #39562


Open
DanKaplanSES opened this issue May 18, 2025 · 1 comment
Labels
accepting PR Feel free to open a PR to resolve this issue Content:HTTP HTTP docs goal: completeness (Experiment label) Issues about content missing important/relevant details.

Comments

@DanKaplanSES
Contributor

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cookie

What specific section or headline is this issue about?

No response

What information was incorrect, unhelpful, or incomplete?

I was inspecting a response in my developer tools and I noticed I had sent 2 cookies with the same name to the server. I can't find any information on MDN mentioning that as a possibility.

What did you expect to see?

I was hoping this page would mention if duplicate cookie names are allowed. It seems my browser allows it, but I don't know if it's following the spec by doing so. I searched the linked spec for dup and didn't find any hits.

Do you have any supporting links, references, or citations?

No response

Do you have anything more you want to share?

No response

@DanKaplanSES DanKaplanSES added the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label May 18, 2025
@github-actions github-actions bot added the Content:HTTP HTTP docs label May 18, 2025
@hamishwillee
Collaborator

hamishwillee commented May 18, 2025

Yes. My recollection from documenting the cookie store API (and testing this) is that you can have the same name of cookie at different paths, and also keyed on the partitioned value. So if you set a cookie that is the same name but on a different path you get a new cookie. On the same path and same partitioned value you get an update of the cookie (for value, expires, samesite).

What I'm not sure of is whether setting a cookie is schemefully samesite - i.e. you get a different cookie on https vs http sites. I THINK it is.

Yes, we should do a test of this and then make this clear in the HTTP headers doc. We should also make this clear in the top level Cookie_Store_API, CookieStore, CookieStore.set. I thought I had, so this is a timely reminder.
Lastly we should cross link the header to these docs and to Document.cookie.

If no one else does this, I will probably get to it when Firefox releases their version of the Cookie Store in the wild.

@hamishwillee hamishwillee added accepting PR Feel free to open a PR to resolve this issue and removed needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. labels May 18, 2025
@caugner caugner added the goal: completeness (Experiment label) Issues about content missing important/relevant details. label May 20, 2025
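
The keying described in the comment above, modelled as an added example (not part of the thread, and not MDN or browser code): a toy cookie jar keyed on name, path and partition key, plus a server-side parser that keeps every value for a repeated name. The class and function names and the partition key value are hypothetical, and the domain attribute, which real cookie stores also key on, is left out to keep the model small.

```javascript
// Added illustration only: not MDN, spec, or browser code. Names are hypothetical.
class CookieJar {
  constructor() { this.cookies = new Map(); this.clock = 0; }

  // Same name + path + partition key updates the entry; any difference adds one.
  set({ name, value, path = "/", partitionKey = null }) {
    const key = JSON.stringify([name, path, partitionKey]);
    const created = this.cookies.has(key) ? this.cookies.get(key).created : this.clock++;
    this.cookies.set(key, { name, value, path, partitionKey, created });
  }

  // Cookie header for a request path: longer paths first, then older cookies
  // (the ordering RFC 6265 section 5.4 gives user agents).
  header(requestPath, partitionKey = null) {
    return [...this.cookies.values()]
      .filter(c => c.partitionKey === partitionKey && pathMatches(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// RFC 6265 path-match: equal, or cookie path is a prefix ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Server side: keep every value per name instead of letting one overwrite another.
function parseCookieHeader(header) {
  const byName = new Map();
  for (const pair of header.split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue; // skip malformed pairs
    const name = pair.slice(0, eq).trim();
    if (!byName.has(name)) byName.set(name, []);
    byName.get(name).push(pair.slice(eq + 1).trim());
  }
  return byName;
}

// Names that arrived more than once; the Cookie header carries no path, so the
// server cannot tell which copy it set where and should treat them as ambiguous.
function duplicateNames(header) {
  return [...parseCookieHeader(header)]
    .filter(([, values]) => values.length > 1)
    .map(([name]) => name);
}
```

RFC 6265 also says servers should not rely on the order in which cookies are serialized, so code that reads a security-relevant cookie is safer rejecting a request with a repeated name than picking the first or last value.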