Spring MockHttpServletResponse.addCookie does not override cookie with the same name

    private MockHttpServletResponse response = new MockHttpServletResponse();

    @Test
    public void removeAuthCookiesTest() {
        JwtToken jwtToken = JwtUtils.generateToken(USER_ID);
        addAuthCookies(response, jwtToken);

        Assert.assertEquals(response.getCookie(COOKIE_KEY_ACCESS).getValue(), jwtToken.getAccess());
        Assert.assertEquals(response.getCookie(COOKIE_KEY_REFRESH).getValue(), jwtToken.getRefresh());

        removeAuthCookies(response);

        Assert.assertNull(response.getCookie(COOKIE_KEY_ACCESS).getValue());
        Assert.assertNull(response.getCookie(COOKIE_KEY_REFRESH).getValue());
    }


    public static void addAuthCookies(HttpServletResponse response, JwtToken jwtToken) {
        response.addCookie(getCookie(COOKIE_KEY_ACCESS, jwtToken.getAccess(), cookieLifeTime));
        response.addCookie(getCookie(COOKIE_KEY_REFRESH, jwtToken.getRefresh(), cookieLifeTime));
    }

    public static void removeAuthCookies(HttpServletResponse response) {
        response.addCookie(getCookie(COOKIE_KEY_ACCESS, null, 0));
        response.addCookie(getCookie(COOKIE_KEY_REFRESH, null, 0));
    }

Before invocation of method removeAuthCookies I have a response with two cookies

name = "access", value = "value1"; 
name = "refresh", value = "value2"

After invocation i expected a response with two cookies

name = "access", value = null; 
name = "refresh", value = null

but actual result is response with 4 cookies

name = "access", value = "value1"; 
name = "refresh", value = "value2";
name = "access", value = null; 
name = "refresh", value = null

Comment From: sbrannen

The Javadoc for javax.servlet.http.HttpServletResponse.addCookie(Cookie) only states:

Adds the specified cookie to the response. This method can be called multiple times to set more than one cookie.

@rstoyanchev Do you know if a cookie should replace a previously added cookie with the same name?

We could also consider introducing a removeCookie(String cookieName) method to MockHttpServletResponse.

Comment From: rstoyanchev

I think add means add, not replace. I've confirmed the current behavior is consistent with both Tomcat and Jetty.

Comment From: chernikov321

I think add means add, not replace. I've confirmed the current behavior is consistent with both Tomcat and Jetty.

So, how to delete cookies from HttpServletResponse, if it has only addCookie() method?

Comment From: chernikov321

https://stackoverflow.com/questions/9821919/delete-cookie-from-a-servlet-response

Comment From: sbrannen

Adding a Cookie with the maxAge set to 0 instructs the client (that consumes the response) to delete the cookie locally -- for example, when the client is a web browser.

Adding a Cookie with the maxAge set to 0 does not remove the Cookie object from the HttpServletResponse object in Java, because doing so would prevent the client from ever consuming the cookie with maxAge set to 0.

As I mentioned in https://github.com/spring-projects/spring-framework/issues/25982#issuecomment-717918685, we could consider introducing something like removeCookie(String cookieName) in MockHttpServletResponse, but I'd first like to understand what you are trying to achieve within your test.

Why do you want to remove an existing Cookie from Spring's MockHttpServletResponse?

Furthermore, are you aware of the reset() method in ServletResponse / MockHttpServletResponse? Would resetting all state in the response meet your needs?