|Welcome to the Monastery|
at the moment I'm working on code which uses CGI::Cookie for fetching and building cookies. So far, so good. I've to admit that I was never interested in the details of cookie headers until today (I've read the RFC now). But now to the problem:
It seems to be absolutly valid that you produce more than one cookie with the same name. Whether this is meaningful or not is something different. But it is possible. It's also possible, that you get more than one cookie with the same name. Looking at the last RFC 6265 shows that the key for a unique cookie is the triple name/domain/path. E.g if you set a cookie 'test' for 'domain.de' and a cookie 'test' for 'host.domain.de' and you're sending a request to host.domain.de you will see two cookies with name 'test' in the Cookie-Header.
CGI::Cookie can't handle this as it uses the cookie name as a key to a hash holding all cookies. So, as soon as you have two cookies with the same name you fetch only the first one. I found this snippet in CGI::Cookie:
Is there any good cookie handling module out there which can handle the case of two or more cookies of same name?
By the way: Plack::Request does also have this "shortcomming". The good thing: tDocumentation states this clearly. It's IMHO a pitty as Plack::Request is relativly new and has Hash::MultiValue introduced in some cases.
I did also some testing of the way browsers handle different cookies (domain, path) with same cookie name. That's really interesting as there is a ugly difference between Firefox/Safari/Chrome and IE/Opera where I do believe at the moment that IE/Opera are doing it right.