This repository was archived by the owner on Feb 8, 2023. It is now read-only.

Research how to deal with multiple cookie headers in the request #11

Closed
FagnerMartinsBrack opened this issue Dec 23, 2015 · 1 comment

@FagnerMartinsBrack
Member

This came up on #10 (comment):

Ps: How are you dealing with requests that have multiple 'cookie' headers.
You use HttpServletRequest.getHeader() but this method is documented as
follows:

public java.lang.String getHeader(java.lang.String name)
Returns the value of the specified request header as a String. If the
request did not include a header of the specified name, this method returns
null. If there are multiple headers with the same name, this method returns
the first head in the request. The header name is case insensitive. You can
use this method with any request header.
How can you be sure that you are not missing cookie in the other cookie
headers? You only take the first 'cookie' header but I believe multiple
headers are allowed.

@FagnerMartinsBrack FagnerMartinsBrack changed the title Check how to deal with multiple cookie headers Research how to deal with multiple cookie headers in the request Dec 23, 2015
@FagnerMartinsBrack FagnerMartinsBrack added this to the v0.1.0 milestone Dec 27, 2015
@FagnerMartinsBrack
Member Author

As from RFC 6265 section 5.4:

When the user agent generates an HTTP request, the user agent MUST NOT attach more than one Cookie header field.

The wording "MUST NOT" means, according to RFC 2119, that:

... the definition is an absolute prohibition of the specification.

As a conclusion, the assumption should be that the User Agent respects the specification and sets the Cookie Header correctly. Therefore there is no need for a fix because there is no bug.

If for some reason a User Agent does not respect the specification, it should be fixed in the User Agent side, not in Java Cookie. Also, if the User Agent is considerably mainstream, one can always request for the RFC 6265 to be updated to consider multiple Headers as a De facto Standard.

Nevertheless, I have never seen a User Agent sending more than one cookie header to the request.

For details, see this StackOverflow answer.
Pinging @roelstorms for awareness.
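
The difference between `getHeader()` and `getHeaders()` raised in the question, as an added example (not Java Cookie's code; the class and method names are hypothetical). It works on the `Enumeration<String>` that `HttpServletRequest.getHeaders("Cookie")` returns and shows two server-side policies: reject a request with more than one Cookie header, in line with RFC 6265 section 5.4, or parse every header with the first value for a name winning.

```java
import java.util.*;

// Added example, not Java Cookie's code. CookieHeaders and its methods are hypothetical names.
public class CookieHeaders {

    /** Strict policy: more than one Cookie header violates RFC 6265 section 5.4, so refuse it. */
    static String requireSingle(Enumeration<String> cookieHeaders) {
        List<String> all = Collections.list(cookieHeaders);
        if (all.size() > 1) {
            throw new IllegalArgumentException("request carries " + all.size() + " Cookie headers");
        }
        return all.isEmpty() ? null : all.get(0);
    }

    /** Lenient policy: parse every Cookie header; the first value seen for a name wins. */
    static Map<String, String> parseAll(Enumeration<String> cookieHeaders) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String header : Collections.list(cookieHeaders)) {
            for (String pair : header.split(";")) {
                String p = pair.trim();
                int eq = p.indexOf('=');
                if (eq <= 0) {
                    continue; // skip empty fragments and pairs without a name
                }
                cookies.putIfAbsent(p.substring(0, eq).trim(), p.substring(eq + 1).trim());
            }
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed sample: what request.getHeaders("Cookie") would yield for two Cookie headers.
        List<String> sample = Arrays.asList("session=abc123; theme=dark", "lang=en; session=zzz");

        // getHeader("Cookie") would expose only sample.get(0), so "lang" would never be seen.
        System.out.println(parseAll(Collections.enumeration(sample)));

        try {
            requireSingle(Collections.enumeration(sample));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a servlet, the strict variant would typically map the exception to a 400 response so that the application and any intermediary in front of it never disagree about which Cookie header is authoritative.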
