Trying to set the same cookie several times on the request fails, and only the last cookie value is actually set on the response.

The faulty code appears to lie here:
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/HttpServerExchange.java#L1077

Essentially the problem is that this makes it impossible to set the same cookie ("hello") with different domain/path/comment/version/httponly/secure flags, out of which probably the different domain and path are the main ones hurting.

Imagine a scenario whereby your app needs to work on more than one domains, and to achieve that the simplest/laziest approach is to simply set the same cookie value on all the domains the application can be accessed on (rather than trying to deduce the domain from the incoming request).

I think this severely limits the usability, and potentially should be assigned Critical priority.

Workaround: use response.addHeader with manually constructed Set-Cookie headers, not quite ideal.