From ae7508c616b005e0d5d152a07bf4bde010c1da7b Mon Sep 17 00:00:00 2001
From: Aaron Spaulding <aspaulding@grahammedia.com>
Date: Mon, 22 Sep 2025 13:48:29 -0400
Subject: [PATCH] fix: setting multiple cookies in streaming mode makes an
 invalid `set-cookie` header.

For example, when using Astro Auth multiple headers can be set causing them to be concatenated with a comma. This is not a valid `Set-Cookie` header so only the first cookie is honored and the others are discarded.

This causes an issue where certain auth cookies are not set eventually causing errors preventing users from logging in.
---
 packages/astro-sst/src/lib/event-mapper.ts | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/packages/astro-sst/src/lib/event-mapper.ts b/packages/astro-sst/src/lib/event-mapper.ts
index 7f20ce9..62a9d1f 100644
--- a/packages/astro-sst/src/lib/event-mapper.ts
+++ b/packages/astro-sst/src/lib/event-mapper.ts
@@ -252,10 +252,9 @@ function convertToApigV2StreamingResult({
   const metadata = {
     statusCode,
     headers,
+    cookies: cookies.length > 0 ? stringifyCookies(cookies) : undefined,
   };
-  if (cookies.length > 0) {
-    metadata.headers["set-cookie"] = stringifyCookies(cookies).join(", ");
-  }
+
   responseStream = awslambda.HttpResponseStream.from(responseStream, metadata);
 
   if (!body) {