Is it acceptable to have multiple `set-cookie` headers in an HTTP/2 stream?

I'm proxying HTTP/2 client -> HTTP/1.1 server, and I'm not sure how to handle multiple set-cookie in the response.

I believe set-cookie is the only header which is allowed to be set multiple times for HTTP/1.1 - is this the case for HTTP/2 as well?

If I receive set-cookie multiple times in the HTTP/1.1 response, how do I send that back to the client over HTTP/2? Can I merge it together into a single header, or do I need to send multiple set-cookie headers back via HTTP/2.0?

Solution

The HTTP/2 specification specifies how to handle cookies in this section.

It is the case for HTTP/2 as well that set-cookie is allowed to be set multiple times - its format would not allow otherwise.

A client receiving multiple set-cookie headers may send multiple cookie headers, or may concatenate them.

The server receiving multiple cookie headers must concatenate them before invoking an application.

How do sites like quora track users without cookies?
How to save the browser sessions in Selenium?
Trouble setting cookies in Express backend for Next.js frontend use
Cookies getting disappeared when page refreshes
Read Flask Session Cookie
Laravel 5: cookie set by custom Middleware not readable in Controller
Is storing an OAuth token in cookies bad practice?
How do I create and read a value from cookie with javascript?
If I set AccessToken and RefreshToken both (JWT) as cookies by server, They both automatically will be sent to server in each request from client
How many bytes in one round-trip for an HTTP/2 browser request over mobile networks?
Cant get claims in authorization handler
Why cookies dont expire after closing browser?
How to specify SameSite value for javax.servlet.http.Cookie
After a user opts out of Cookies, can I remove the cookie?
Next 14: how to set cookie in middleware and get it in root layout
I can't delete cookies on production
JQuery Cookie not working on chrome
Where to store JWT in browser? How to protect against CSRF?
Python & Selenium 4 & Edge Browser | Load personal browser profile (including cookies)
Express Cookie Sent With Header and Saved in Storage but After Reload they are gone
Accessing Cookie client-side with Next JS
React: POST /refresh not setting refresh_token cookie
set-cookie header not working
How do I check if a cookie exists?
Impossible to delete 2 cookies at the same time
PHP -> SOAP -> Magento Webservice: get Cookies set by Magento
How do I make an http request using cookies on flutter?
How to get a cookie in Flutter Web from header?
Express-session not sending secure cookie to localhost
HttpOnly cookie not saved in browser