How do browsers act when the HTTP response contains two Set-cookie headers, and only expires and Max-Age are different between the two (same name, value, domain and path etc..)?
I need to extend session lifetime. The system calls setcookie with the cookie name session_name(), with a period I want to extend.
I cannot change that value in the code directly, but I can call setcookie afterwords with the my customized period. This causes the Set-Cookie header to be sent twice, with my modified period comes next (because I called setcookie after it was called)
In Chrome, it handled it by overriding, so the second one override the first and that is what I need.
However, I do suspect this will happen with every browser or if this is a standard behavior. Is it?