Avoid setting duplicate set-cookie headers

Especially helpful for healthcheck requests
that are continuously and with short interval checking an endpoint
while never completing a flow
thus not having the state cleared.

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

src/satosa/base.py

@@ -219,8 +219,19 @@ def _save_state(self, resp, context):
         :param context: Session context
         """
 
-        cookie = state_to_cookie(context.state, self.config["COOKIE_STATE_NAME"], "/",
-                                 self.config["STATE_ENCRYPTION_KEY"])
+        cookie_name = self.config["COOKIE_STATE_NAME"]
+        cookie = state_to_cookie(
+            context.state,
+            name=cookie_name,
+            path="/",
+            encryption_key=self.config["STATE_ENCRYPTION_KEY"],
+        )
+        resp.headers = [
+            (name, value)
+            for (name, value) in resp.headers
+            if name != "Set-Cookie"
+            or not value.startswith(f"{cookie_name}=")
+        ]
         resp.headers.append(tuple(cookie.output().split(": ", 1)))
 
     def run(self, context):