Lower case set-cookie header not honoured by Postman


We use a cookie-based authentication mechanism for our API. It works fine when the server is returning the Set-Cookie header in the authentication response. Recently we had to route our request and response through a trusted third party proxy which changes the header to set-cookie. Notice the case difference here.

In Postman, I can see that the cookie is set when I click on the Cookies options. But the cookie is not sent back in the subsequent requests. I would like to understand if this is the expected behavior. If set-cookie is not the right way to use this header, I believe the cookie should not be shown in the list of cookies.

I had no issues with this in Postman 7.30.1

Here is an example:

Sorry that I couldn’t express myself clearly. This is how it works for me too. The cookie appears correctly in the Cookies list. However, the cookie is not send back in the subsequent request. Is it working for you?

Yes, it is working without issues, as it is already saved in the Postman cookie store. Maybe the problem is somewhere else.