I noticed that Glassfish-5 web server sends responses with only one
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for
folding HTTP headers fields (i.e., as defined in [RFC2616]) might
change the semantics of the Set-Cookie header field because the
%x2C (",") character is used by Set-Cookie in a way that conflicts
with such folding.
When sending an HTTP Response with multiple cookies, CFHTTPMessage
combines the cookies into a comma-separated list under a single
"Set-Cookie" HTTP header. (This is referred to as
Set-cookie-folding is NOT supported on Google Chrome, Firefox, and
Internet Explorer. Each of those browsers will completely ignore every
cookie after the first comma, rendering CFHTTPMessage completely
useless for handling HTTP responses with multiple cookies in any
browser other than Safari (which supports cookie-folding).
You no longer need that custom nucleus-grizzly-all.jar. The issue has been released as part of the most recent Glassfish 5.0 nightlies and the most recent promoted build.
There were two different issues as I tracked the actual fix with a Grizzly issue and used the GlassFish issue for integration of Grizzly.