Description
Hi there,
I was trying to use this library in a project I've been working on. However, I found that, when I was logging into the administration side of said project, I was getting an error indicating that I had failed to set a cookie. Upon further inspection, I found the following.
The PHP code was sending the following (excerpted from strace):
write(1, "Set-Cookie: adminsid=fakefakefakefake; expires=Tue, 31-Aug-2021 01:13:25 GMT; path=/admin/; HttpOnly; SameSite=lax", 130) = 130
write(1, "\r\n", 2) = 2
write(1, "Set-Cookie: acploginattempts=0; expires=Tue, 31-Aug-2021 01:13:25 GMT; path=/admin/", 83) = 83
write(1, "\r\n", 2)
However, when the request was subsequently sent to Firefox, I received the following:
Set-Cookie: acploginattempts=0; expires=Tue, 31-Aug-2021 01
This indicates to me two issues. Firstly, if a header is set twice, as shown in the strace by two 'write' semantics, I only get the last one. Secondly, if a header (validly) contains a colon after the one separating the header name from it's value, said colon, and any subsequent contents, are lost.