Opened 12 years ago
Closed 12 years ago
#18908 closed Uncategorized (duplicate)
Can't set multiple cookies with the same name but different domains/paths
Reported by: | ludwig.haehne | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | dev |
Severity: | Normal | Keywords: | cookie |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
There is no way to set cookies with the same name for multiple domains or paths in the same response.
The following code only sets the second cookie:
response.set_cookie("alice", "123", domain='sub.example.com') response.set_cookie("alice", "456", domain='example.com')
It makes sense because Django uses a dictionary for storing cookies:
self.cookies[key] = value
Therefore, Django cannot set multiple cookies with the same name but different domains or paths in the same response. RFC2965 is not completely clear if this should be possible but this article http://www.nczonline.net/blog/2009/05/05/http-cookies-explained/ suggests that it should be:
This cookie has four identifying characteristics: the cookie name, the domain, the path, and the secure flag. In order to change the value of this cookie in the future, another Set-Cookie header must be sent using the same cookie name, domain, and path.
This issue was brought up on Stackoverflow.
Duplicate of https://code.djangoproject.com/ticket/10554