Cookie handling: -I ensures unique Set-Cookie name attribute

Cookie handling: -I ensures unique Set-Cookie name attribute

A junction configured with a -j option causes Set-Cookie headers in responses from back-end servers to have their path attribute value converted to "/", and their name attribute modified by including the junction point. Sometimes the modification of the name attribute with the junction point does not result in mutually exclusive cookies.
Standard -j option operation:
If the following header:
Set-Cookie: ORDERID=123456; path=/orders

is received from a backend server for the -j junction /sales, then the modified header sent to the browser would be:
Set-Cookie: AMWEBJCT!/sales!ORDERID=123456; path=/

However, if another Set-Cookie header with the same name attribute, but a different path value, is received over the same junction, the modified header would result in the exactly same name and path information.
For example:
Set-Cookie: ORDERID=123456; path=/invoices

is modified to:
Set-Cookie: AMWEBJCT!/sales!ORDERID=123456; path=/

Because the second modified Set-Cookie header has the same cookie name and path as the first header, it overwrites the first. The junction point is not enough to uniquely identify the Set-Cookie header.
Solution:
We can configure a -j junction with the additional -I option to add the original path attribute value (for example, /orders) to the modified name of the cookie. Now the cookie names are unique. The following rules apply when using the -I option:
If the Set-Cookie header from the junctioned server contains a path attribute, the value of that path is URI-encoded and used to modify the name attribute.
If the Set-Cookie header from the junctioned server does not contain a path attribute, the basedir of the request URI is extracted, URI-encoded, and used to modify the name attribute.
For example, if the client request was for /dir1/dir2/mypage.html, then the value /dir1/dir2 would be URI-encoded and used.
The Set-Cookie name attribute is then modified using the junction point (unless this is the root junction "/") plus the URI-encoded path value (or basedir value).
The value of the Set-Cookie path attribute is still converted to "/"

For example, if the following header:
Set-Cookie: ORDERID=123456; path=/orders

is received from a backend server for the -j -I junction /sales, then the modified header sent to the browser would be:
Set-Cookie: AMWEBJCT!/sales/orders!ORDERID=123456; path=/

Parent topic: Handling cookies from servers across multiple -j junctions