I've been debugging an authentication issue in our app in FastBoot using ember-simple-auth. Essentially, if you write more than one cookie in FastBoot, the FastBoot Express middleware will only return the last cookie, overwriting the previous cookie each time a new one is added. This particularly affects ember-simple-auth, where if you set an expiration date on your auth cookie, the expiration cache cookie will overwrite your auth cookie, preventing proper authentication.

It's trivial to replicate by writing several cookies in FastBoot and checking the response. You should see a single set-cookie header with the last cookie written.

I personally don't think ember-cookies is doing anything wrong. The way FastBoot provides an API to append headers vs the way it then sets them seems inconsistent. I've opened an issue with more info ember-fastboot/fastboot-express-middleware#33 to hopefully get some feedback on what the intended behaviour is.

I personally don't think ember-cookies is doing anything wrong. The way FastBoot provides an API to append headers vs the way it then sets them seems inconsistent.

Indeed - closing this