Upstream supervisor has a closed “not planned” bug report titled Ingress blocking duplicate response header names #4290 which means addons with applications with multiple set-cookie headers for sessions and authentication are not supported.
I was able to workaround with a resolution. I relied on nginx to do the heavy lifting.
- Backend to client: nginx receives multiple set-cookie response headers. nginx combines all of the cookies into a “super” or unified cookie. nginx sends one cookie to client (and discards backend cookies without sending them to client).
- Client to backend: nginx receives “super” cookie. nginx breaks up cookie and sends multiple cookies to backend for session management success.
I have been developing a wireguard UI addon and it maintains session with multiple cookies. You may find more details and nginx source code at nginx can fix home assistant ingress with multiple set-cookie headers · Issue #5 · samrocketman/addons-homeassistant · GitHub
Side note: I would have commented in the original reported issue this workaround, but it is locked and I do not have access to comment. If an admin or moderator could comment on my behalf in the original issue that would be great! I spent almost a week in nginx and hassio docs as well as nginx and hassio source code before I came up with this solution. I didn’t ask for help in the forum to respect time of others.