Recently I debugged an issue with session cookies. Multiple sessions and session cookies started appearing for a
single user when browsing the web application. It took quite little time to figure this out with the Chrome debugger: all
cookies had different
Comes out that sending a cookie without the
Path option makes the browser use the current request URL path as its value.
The cookie is sent back to server only when the cookie path matches the request URL as a prefix. This makes requests
with different paths sometime not send back the existing cookie and will receive a new one from the server. This behavior is
described in RFC6265 sections 18.104.22.168 and 5.1.4. Setting the
Path option to
/ solved the problem.
Old code to emit the
Set-Cookie header (Prolog):
format('Set-Cookie: ~w=~w; Expires=~w\r\n', [KeyEncoded, ValueEncoded, ExpireDate]).
format('Set-Cookie: ~w=~w; Path=/; Expires=~w\r\n', [KeyEncoded, ValueEncoded, ExpireDate]).