+ dynstr_append_string(d, "disorder=none;Max-Age=0");
+ }
+ if(u.path) {
+ /* The default domain matches the request host, so we need not override
+ * that. But the default path only goes up to the rightmost /, which would
+ * cause the browser to expose the cookie to other CGI programs on the same
+ * web server. */
+ dynstr_append_string(d, ";Path=");
+ dynstr_append_string(d, quote822(u.path, 0));
+ }
+ dynstr_terminate(d);
+ cgi_header(output, "Set-Cookie", d->vec);