Can't set multiple cookies with the same name but different domains/paths
|Reported by:||ludwig.haehne||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
There is no way to set cookies with the same name for multiple domains or paths in the same response.
The following code only sets the second cookie:
response.set_cookie("alice", "123", domain='sub.example.com') response.set_cookie("alice", "456", domain='example.com')
It makes sense because Django uses a dictionary for storing cookies:
self.cookies[key] = value
Therefore, Django cannot set multiple cookies with the same name but different domains or paths in the same response. RFC2965 is not completely clear if this should be possible but this article http://www.nczonline.net/blog/2009/05/05/http-cookies-explained/ suggests that it should be:
This cookie has four identifying characteristics: the cookie name, the domain, the path, and the secure flag. In order to change the value of this cookie in the future, another Set-Cookie header must be sent using the same cookie name, domain, and path.
This issue was brought up on Stackoverflow.