Http response does not conform to RFC 6265 storage model #1182

@alex-aparin

Introduction

A warning is logged and no other action is taken in the case of duplicated cookies. By duplicated cookie I mean a cookie whose name, path and domain attributes are already stored inside the response. But we have RFC 6265 with the following statements:

  1. In the non-formal explanation, 4.1.2:

     If the user agent receives a new cookie with the same cookie-name,
     domain-value, and path-value as a cookie that it has already stored,
     the existing cookie is evicted and replaced with the new cookie.

  2. In the more formal one, 5.3:

     1. If the cookie store contains a cookie with the same name,
        domain, and path as the newly created cookie:
        1. Let old-cookie be the existing cookie with the same name,
           domain, and path as the newly created cookie. (Notice that
           this algorithm maintains the invariant that there is at most
           one such cookie.)
        2. If the newly created cookie was received from a "non-HTTP"
           API and the old-cookie's http-only-flag is set, abort these
           steps and ignore the newly created cookie entirely.
        3. Update the creation-time of the newly created cookie to
           match the creation-time of the old-cookie.
        4. Remove the old-cookie from the cookie store.

Comparison with other http client

At the moment, the behaviour of the userver HTTP client differs from other well-known clients like curl with -cookie/-c options (which by default overwrite cookies with the same name, for example).

What to do?

Is it a bug (to me it sounds like one)? Should a flag be added to enable overwrite behaviour to comply with legacy code?
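The replacement steps quoted from RFC 6265 section 5.3 in the issue, as an added C++ example. It is not part of the original issue and is not userver code; `Cookie`, `CookieStore` and the sample cookie values are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <string>
#include <tuple>
#include <utility>

// Hypothetical types for illustration; not userver's API.
struct Cookie {
    std::string name, domain, path, value;
    bool http_only;
    long creation_time;  // supplied by the caller, e.g. seconds since epoch
};

class CookieStore {
    using Key = std::tuple<std::string, std::string, std::string>;
    std::map<Key, Cookie> cookies_;  // keyed by (name, domain, path)

public:
    // Returns false when the new cookie is ignored (sub-step 2).
    bool Store(Cookie c, bool from_non_http_api) {
        const Key key(c.name, c.domain, c.path);
        auto it = cookies_.find(key);
        if (it != cookies_.end()) {
            // Sub-step 2: a "non-HTTP" API may not replace an HttpOnly cookie.
            if (from_non_http_api && it->second.http_only) return false;
            // Sub-step 3: the new cookie inherits the old creation-time.
            c.creation_time = it->second.creation_time;
            // Sub-step 4: remove the old cookie, keeping at most one per key.
            cookies_.erase(it);
        }
        cookies_.emplace(key, std::move(c));
        return true;
    }
    const Cookie* Find(const std::string& n, const std::string& d,
                       const std::string& p) const {
        auto it = cookies_.find(Key(n, d, p));
        return it == cookies_.end() ? nullptr : &it->second;
    }
    std::size_t Size() const { return cookies_.size(); }
};

int main() {
    CookieStore store;  // constructed sample cookies
    store.Store(Cookie{"sid", "example.com", "/", "old", true, 100}, false);
    store.Store(Cookie{"sid", "example.com", "/", "new", true, 200}, false);
    const Cookie* c = store.Find("sid", "example.com", "/");
    std::printf("%s %ld %zu\n", c->value.c_str(), c->creation_time, store.Size());
}
```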
