Is order matter in Cookies?

[jacksu]

I have one application in two servers, two servers returns the same
cookie but with some elmenet in different order,

Set-cookie: a=abc; Path=/; Domain=.abc.com; Secure

another one is
Set-cookie: a=abc; Secure; Path=/ ;Domain=.abc.com

the later one will not be included in the Cookie list in the later
request. Does anyone knows whether the order of "secure" matter?

Thanks.

Here is the definition copied from RFC 2109.

set-cookie = "Set-Cookie:" cookies
cookies = 1#cookie
cookie = NAME "=" VALUE *(";" cookie-av)
NAME = attr
VALUE = value
cookie-av = "Comment" "=" value
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Secure"
| "Version" "=" 1*DIGIT

 

[Juan T. Llibre]

The "standard" order is :
Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure

If you don't set an expires date, the cookie doesn't persist.

Why are you setting cookies like that, instead of using Response.Cookies ?

 

[jacksu]

It is not persistant cookie. We just used in the same session.

The questions is that if we put secure in the middle of cookie, then it
will not sent out by some software, like HttpUnit, but could be handled
by some browsers like IE and firefox.

Any suggestion?

Thanks.