Do the following steps: 1. record new zest script 2. browse to www.google.de 3. stop recording 4. replay script

The first response of www.google.de includes: Set-Cookie: foo=bar; expires=...; path=/; domain=.google.de Set-Cookie: spam=ham; expires=...; ....

This should give the following header within the second request: Cookie: foo=bar; spam=ham

However, the following is produced: Cookie: $Version=0; foo=bar; $Path=/; $Domain=.google.de Cookie: $Version=0; spam=ham; $Path=/; $Domain=.google.de

Tested with OWASP ZAP 2.4.0 (2.4.0-0kali1 build on a Debian Jessie)

java -version openjdk version "1.8.0_40-internal" OpenJDK Runtime Environment (build 1.8.0_40-internal-b09) OpenJDK 64-Bit Server VM (build 25.40-b13, mixed mode)

transferred this at github…

Thanks!

Issue at: https://github.com/zaproxy/zaproxy/issues/1704