mod_headers: Note that Set-Cookie is an exception to comma-separated append per RFC...

author Rich Bowen <rbowen@apache.org>

Wed, 29 Apr 2026 19:50:05 +0000 (19:50 +0000)

committer Rich Bowen <rbowen@apache.org>

Wed, 29 Apr 2026 19:50:05 +0000 (19:50 +0000)
author Rich Bowen <rbowen@apache.org>
Wed, 29 Apr 2026 19:50:05 +0000 (19:50 +0000)
committer Rich Bowen <rbowen@apache.org>
Wed, 29 Apr 2026 19:50:05 +0000 (19:50 +0000)
diff --git a/docs/manual/mod/mod_headers.xml b/docs/manual/mod/mod_headers.xml

index 26540c1007747b7505a47f402d123b4bbdb78adb..d0a75fb6bd3b03ba6a4a0d1b41bff0d728439116 100644 (file)
--- a/docs/manual/mod/mod_headers.xml
+++ b/docs/manual/mod/mod_headers.xml
@@ -358,6 +358,10 @@ available in 2.4.10 and later</compatibility>
      the same name. When a new value is merged onto an existing
      header it is separated from the existing header with a comma.
      This is the HTTP standard way of giving a header multiple values.
+    Note that the <code>Set-Cookie</code> header is an exception:
+    <rfc>6265</rfc> requires multiple <code>Set-Cookie</code> headers
+    rather than combining values with commas. Use <code>add</code>
+    instead of <code>append</code> for <code>Set-Cookie</code>.
      <br/><br/><p>Choosing a <var>condition</var>: If the existing header to be appended to was added by this module, you must match the condition
      parameter that was originally used. Otherwise, you must determine by trial
      and error whether <code>always</code> should be specified because you can't
author	Rich Bowen <rbowen@apache.org>
	Wed, 29 Apr 2026 19:50:05 +0000 (19:50 +0000)
committer	Rich Bowen <rbowen@apache.org>
	Wed, 29 Apr 2026 19:50:05 +0000 (19:50 +0000)