Add exception for set-cookie headers to always append (#589)

homestar9 · web-flow · commit 20cdbf5f603f · 2024-03-13T11:49:30.000+01:00
diff --git a/system/web/context/RequestContext.cfc b/system/web/context/RequestContext.cfc
@@ -1803,9 +1803,16 @@ component serializable="false" accessors="true" {
 		}
 		// Name Exists and not already set.
 		else if ( !isNull( arguments.name ) ) {
-			getPageContext()
-				.getResponse()
-				.setHeader( javacast( "string", arguments.name ), javacast( "string", arguments.value ) );
+
+			var response = getPageContext().getResponse();
+						
+			// special exception for Set-Cookie. We always append this header, instead of overwriting
+ 			if ( arguments.name == "Set-Cookie" ) {
+				response.addHeader( javacast( "string", arguments.name ), javacast( "string", arguments.value ) );
+			} else {
+				response.setHeader( javacast( "string", arguments.name ), javacast( "string", arguments.value ) );
+			}
+				
 			variables.responseHeaders[ arguments.name ] = arguments.value;
 		} else {
 			throw(
