We use a cookie-based authentication mechanism for our API. It works fine when the server is returning the Set-Cookie header in the authentication response. Recently we had to route our request and response through a trusted third party proxy which changes the header to set-cookie. Notice the case difference here.
In Postman, I can see that the cookie is set when I click on the Cookies options. But the cookie is not sent back in the subsequent requests. I would like to understand if this is the expected behavior. If set-cookie is not the right way to use this header, I believe the cookie should not be shown in the list of cookies.