URLSession & HTTPURLReponse not handling multiple Set-Cookie headers

In our Network Extension we're trying to use URLSession for setting up a connection using a series of HTTP exchanges.

I see an HTTP response in Wireshark which has multiple

Code Block
Set-Cookie

headers, but only the last one shows up in the HTTPURLReponse.

Traffic on the wire:

Code Block
Set-Cookie: ABC_COOKIE=2000;Path=/;Secure
Set-Cookie: XYZ_COOKIE=tuv;Path=/;expires=<somedate>;Secure
Set-Cookie: foo=bar;Secure;Path=/;expires=<somedate>


Value in HTTPURLResponse.allHeaderFields:

Code Block
"Set-Cookie" = "foo=bar;Secure;Path=/;expires=<somedate>"

No sign of the other cookie values. I've seen comments on the web that the cookies in multiple Set-Cookie headers will be concatenated into a single header, but that's not at all what I'm seeing.

Is there a way to access the other cookie values? If not, how can we use URLSession with an endpoint that will return multiple Set-Cookie headers?

Answered by kjbrock in 657231022
Well, I still don't know why I wasn't seeing the cookies properly in the response I was tracing, but it looks like my case is Ok at this point.

There was also a redirect issue, where the URLSession was following redirects because I wasn't returning the right value from

Code Block
    func urlSession(_ session: URLSession,
                    task: URLSessionTask,
                    willPerformHTTPRedirection response: HTTPURLResponse,
                    newRequest request: URLRequest, completionHandler: @escaping (URLRequest?) -> Void)


When I broke in that function to see what was going on I saw all of the cookies... The "Set-Cookie" value was an array of header values, and when I blocked the redirects I started seeing the correctly formatted Set-Cookie in the HTTPURLResponse.

So although I don't know why the behavior was wrong in the first case I was seeing, the case I need it OK.

Accepted Answer
Well, I still don't know why I wasn't seeing the cookies properly in the response I was tracing, but it looks like my case is Ok at this point.

There was also a redirect issue, where the URLSession was following redirects because I wasn't returning the right value from

Code Block
    func urlSession(_ session: URLSession,
                    task: URLSessionTask,
                    willPerformHTTPRedirection response: HTTPURLResponse,
                    newRequest request: URLRequest, completionHandler: @escaping (URLRequest?) -> Void)


When I broke in that function to see what was going on I saw all of the cookies... The "Set-Cookie" value was an array of header values, and when I blocked the redirects I started seeing the correctly formatted Set-Cookie in the HTTPURLResponse.

So although I don't know why the behavior was wrong in the first case I was seeing, the case I need it OK.

URLSession &amp;amp; HTTPURLReponse not handling multiple Set-Cookie headers
 
 
Q