location of firefox source code that parses Set-Cookie header?

Question

Can someone please point me to the Firefox source code where Set-Cookie header is parsed? I want to understand the exact behavior.

Read further if you want to know why? For various constraint in my application, I need to pass multiple cookies inside single Set-Cookie header. RFC-2109 clearly mentions,

"Set-Cookie response header comprises the token Set-Cookie:, followed by a comma-separated list of one or more cookies. Each cookie begins with a NAME=VALUE pair, followed by zero or more semi-colon-separated attribute-value pairs."

So I should be able to pass following Set-Cookie header

Set-Cookie: name1=value1; attr11=attrval11; attr12=attrval12,name2=value2; attr21=attrval21; attr22=attrval22;

It doesn't work. However, following does work

Set-Cookie: name1=value1, name2=value2; attr1=attrval1; attr2=attrval2;

And, I want to give different attributes for different cookies.

[Update]

Real Examples:

Example#1-

Set-Cookie: cookie1=value1; Path=/,cookie2=value2; Path=/

In this case firefox parses and gets first cookie(whose name is "cookie1" and value is "value1") out of it(second one is completely ignored)

Example#2-

Set-Cookie: cookie1=value1,cookie2=value2; Path=/

In this case firefox believes there is one cookie whose name is "cookie1" and value is "value1,cookie2=value2". This, again, is not what was intended.

Answer 1

My understanding is that browsers implement the standard somewhat differently in respect to multiple cookies per Set-Cookie header. However, you can send multiple Set-Cookie headers to set the value of multiple cookies:

Set-Cookie: name1=value1; attr11=attrval11; attr12=attrval12
Set-Cookie: name2=value2; attr21=attrval21; attr22=attrval22

Although is there any reason why you're manually headers to the response instead of using whatever your framework (PHP, ASP.NET, RoR, etc) provides?

Answer 2

A quick walk through MXR indicates the main logic is in nsCookieService::SetCookieInternal. You can follow the links back and forth as needed. As far as your actual problem, it may help if you give a real example header.

Answer 3

well, reading from the source code its clear that firefox doesn't implement RFC-2109 in this regard and uses CR or LF instead of ',' as cookie separator(notice line#1934, 1959, 1990 in http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/nsCookieService.cpp). I tried both on Firefox v3.6.6, CR is working but LF is not.

Conclusion: on Firefox, I can use CR instead of ',' to separate cookies.

Glitch : None out of (CR, LF, ',') are working on Internet-Explorer. Now can someone point me to "source" code for IE where I can see what they're using as cookie separator :-)