According to the RFC, individual cookies in the "Cookie" HTTP header may be separated by commas as well as by semicolons. However, ASP.NET does not parse the commas case correctly - it does not count comma as a separator, but considers it just part of the value.
For example
If a client sends header Cookie: a=b, c=d
, then the ASP.NET application will see just one cookie named "a" with value "b, c=d".
As a special case, the same thing happens when the client sends several Cookie headers (one for each cookie) instead of combining all cookies in one header. From HTTP perspective, this is completely valid, and in such case the effective value of the header should be concatenation of the values of all its instances separated by commas.
Does anybody know a workaround (or maybe a fix?) for this? I absolutely need to get this working, because I don't control the client.
P.S. It is ironic that, according to this thread, the .NET built-in HTTP client's (aka HttpWebRequest) behavior is just the opposite, and also causes problems. :-)