Remove support for Set-Cookie2 in 2.7

We forgot to drop it in the past, I don't want breakage between 2.5 and 2.6 so we must keep a note somewhere that this must be removed after 2.6.

Originally posted by @wtarreau in https://github.com/haproxy/haproxy/issues/47#issuecomment-1041517862

cc @frobware

@frobware since you reported the infinite loop bug, did you encounter Set-Cookie2 in field from a real server or did someone just happen to read the code and experiment with it ? I'm asking because iff there's a real use case, it doesn't cost anything to keep it. It's just that it looks like it was never adopted hence it looks like it could be dropped.

@frobware since you reported the infinite loop bug, did you encounter Set-Cookie2 in field from a real server or did someone just happen to read the code and experiment with it ? I'm asking because iff there's a real use case, it doesn't cost anything to keep it. It's just that it looks like it was never adopted hence it looks like it could be dropped.

Real world use case. Alas.

Is there an actual browser client in the picture that supports SetCookie2?

Opera used to ~10 years ago, it was the one I've used to validate the implementation by then. Nowadays I guess everyone dropped it. My concern is more about servers which would purposely use set-cookie2 for haproxy persistence and use the more common set-cookie for applications. There could be some justifications for doing this (easier debugging, or logging only technical data).

Touch

@wtarreau Should this still happen?

@wtarreau Conference is coming up, I know: I just remembered this issue and wanted to bump it before I forgot about this myself again :smiley:

Oh you're right, thanks for the ping. Let's not forget it again :-)

Now done, closing :-)