Opened 3 years ago

Closed 3 years ago

#18908 closed Uncategorized (duplicate)

Can't set multiple cookies with the same name but different domains/paths

Reported by: ludwig.haehne Owned by: nobody
Component: HTTP handling Version: master
Severity: Normal Keywords: cookie
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


There is no way to set cookies with the same name for multiple domains or paths in the same response.

The following code only sets the second cookie:

response.set_cookie("alice", "123", domain='')
response.set_cookie("alice", "456", domain='')

It makes sense because Django uses a dictionary for storing cookies:

self.cookies[key] = value

Therefore, Django cannot set multiple cookies with the same name but different domains or paths in the same response. RFC2965 is not completely clear if this should be possible but this article suggests that it should be:

This cookie has four identifying characteristics: the cookie name, the domain, the path, and the secure flag. In order to change the value of this cookie in the future, another Set-Cookie header must be sent using the same cookie name, domain, and path.

This issue was brought up on Stackoverflow.

Change History (1)

comment:1 Changed 3 years ago by ludwig.haehne

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.
Back to Top