How do browsers act when the HTTP response contains two Set-cookie
headers, and only expires
and Max-Age
are different between the two (same name, value, domain and path etc..)?
I need to extend session lifetime. The system calls setcookie
with the cookie name session_name()
, with a period I want to extend.
I cannot change that value in the code directly, but I can call setcookie
afterwords with the my customized period. This causes the Set-Cookie
header to be sent twice, with my modified period comes next (because I called setcookie
after it was called)
In Chrome, it handled it by overriding, so the second one override the first and that is what I need.
However, I do suspect this will happen with every browser or if this is a standard behavior. Is it?