It's the minor things that get you into trouble sometimes. For instance, when I used drupal_http_request to do some proxying of content I ran into a little quirk of Drupal. If you get cookie headers back Drupal will go ahead and combine them all into a comma-separated list. If you look at the code you can plainly see where it does this and the rationale in the Request For Comments (RFC) 2109. The unfortunate part is that RFC 2109 has been made obsolete by RFC 6265 which was published in April 2011. If you blindly take this cookie header and pass it back to the client only the first cookie is actually captured. Whoops. 

Normally I'd just explode it and call it a day. Unfortunately the format for the cookie expiration is "Wdy, DD-Mon-YY HH:MM:SS GMT" (as per section 10.1.2). With just a little regex your problem is solved. It means having to do some annoying workarounds, but here is a solution:

function my_module_proxy_url($url) {<br>&nbsp; $result = drupal_http_request($url);<br><br>&nbsp; if (200 == $result-&gt;code) {<br>&nbsp; &nbsp; foreach ($result-&gt;headers as $key =&gt; $value) {<br>&nbsp; &nbsp; &nbsp; if (strcasecmp($key, 'set-cookie')) {<br>&nbsp; &nbsp; &nbsp; &nbsp; $cookies = preg_split('/(?&lt;=\S),(?:\S)/', $value);<br>&nbsp; &nbsp; &nbsp; &nbsp; foreach ($cookies as $cookie) {<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; // Send separately since drupal_add_http_header concatenates with commas<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; header($key . ': ' . $cookie, FALSE);<br>&nbsp; &nbsp; &nbsp; &nbsp; }<br>&nbsp; &nbsp; &nbsp; }<br>&nbsp; &nbsp; &nbsp; else {<br>&nbsp; &nbsp; &nbsp; &nbsp; drupal_add_http_header($key, $value);<br>&nbsp; &nbsp; &nbsp; }<br>&nbsp; &nbsp; }<br>&nbsp; }<br>}

It's always fun when Drupal behaves according to obsolete RFCs. Learn how to proxy http requests with Drupal and actually get useable cookies.