Multiple Set-Cookie headers for the sAccessToken cookie #454

Open
IamMayankThakur opened this issue Oct 19, 2023 · 0 comments
IamMayankThakur (Contributor) commented Oct 19, 2023

When merge_into_access_token_payload() is called multiple times, each call makes a call to set_cookie() in supertokens_python/framework/flask/flask_response.py.

As a part of flask's default behaviour, flask appends Set-Cookie headers if a cookie with the same name is passed multiple times.

We would like to replace the older header with the latest sAccessToken.
I did not find a way to do it in flask, so as a fix we might have to keep track of the latest access_token in the SessionContainer.response_mutators list.

Override to reproduce the bug:

Post /signinup, the response should contain multiple sAccessToken cookies.

Affects flask, not tested with other frameworks.

from typing import Any, Dict, Optional

# Import paths assumed from the supertokens_python package layout at the time of the issue.
from supertokens_python.recipe.thirdparty.provider import Provider, RedirectUriInfo
from supertokens_python.recipe.thirdpartyemailpassword.interfaces import (
    APIInterface,
    ThirdPartyAPIOptions,
)


def override_thirdpartyemailpassword_apis(original_implementation: APIInterface):
    original_thirdparty_sign_in_up_post = original_implementation.thirdparty_sign_in_up_post

    async def thirdparty_sign_in_up_post(
        provider: Provider,
        redirect_uri_info: Optional[RedirectUriInfo],
        oauth_tokens: Optional[Dict[str, Any]],
        tenant_id: str,
        api_options: ThirdPartyAPIOptions,
        user_context: Dict[str, Any],
    ):
        print("thirdparty_sign_in_up_post")

        # Call the default behaviour as shown below; it creates the session and
        # sets the first sAccessToken cookie on the response.
        resp = await original_thirdparty_sign_in_up_post(
            provider, redirect_uri_info, oauth_tokens, tenant_id, api_options, user_context
        )

        # Every merge re-issues the access token. On flask each call appends another
        # Set-Cookie header for sAccessToken instead of replacing the earlier one.
        await resp.session.merge_into_access_token_payload({'newKey': 'newValue'})
        await resp.session.merge_into_access_token_payload({'newKey1': 'newValue1'})
        await resp.session.merge_into_access_token_payload({'newKey2': 'newValue2'})
        await resp.session.merge_into_access_token_payload({'newKey3': 'newValue3'})

        return resp

    original_implementation.thirdparty_sign_in_up_post = thirdparty_sign_in_up_post
    return original_implementation
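The failure mode described in the issue, and the replace-by-name fix it asks for, modelled as an added example that is not code from the SuperTokens repository or from the issue author. It uses only the Python standard library so it runs without Flask installed: a plain list of (name, value) pairs stands in for Flask's response headers, `append_set_cookie` reproduces the append-on-every-call behaviour the issue observes, and `replace_set_cookie` removes any earlier Set-Cookie for the same cookie name before adding the new one. The token values are constructed placeholders, and the helper names are this example's own.

```python
"""Added example (not SuperTokens code): duplicate Set-Cookie headers for one
cookie name versus replace-by-name. The header list models Flask's response
headers; tokens are constructed placeholders, not real session tokens."""
from http.cookies import SimpleCookie
from typing import List, Tuple

Headers = List[Tuple[str, str]]


def build_set_cookie(name: str, value: str, **attrs: object) -> str:
    """Serialise one cookie into a Set-Cookie header value (RFC 6265 style)."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    for key, val in attrs.items():
        morsel[key] = val  # e.g. path, httponly, secure, samesite
    return morsel.OutputString()


def cookie_name(header_value: str) -> str:
    """Cookie name is everything before the first '=' in a Set-Cookie value."""
    return header_value.split("=", 1)[0].strip()


def append_set_cookie(headers: Headers, name: str, value: str, **attrs: object) -> None:
    """What the issue reports: every set_cookie() adds another Set-Cookie line,
    even when the cookie name already has one."""
    headers.append(("Set-Cookie", build_set_cookie(name, value, **attrs)))


def replace_set_cookie(headers: Headers, name: str, value: str, **attrs: object) -> None:
    """The requested behaviour: drop earlier Set-Cookie headers for this cookie
    name, then add the newest one, so the client sees only the latest token."""
    headers[:] = [
        (k, v)
        for (k, v) in headers
        if not (k.lower() == "set-cookie" and cookie_name(v) == name)
    ]
    headers.append(("Set-Cookie", build_set_cookie(name, value, **attrs)))


def set_cookie_values(headers: Headers, name: str) -> List[str]:
    """All Set-Cookie values on the response for the given cookie name."""
    return [
        v for (k, v) in headers if k.lower() == "set-cookie" and cookie_name(v) == name
    ]


def simulate(merges: int, replace: bool) -> Headers:
    """Emulate `merges` calls to merge_into_access_token_payload(), each of which
    re-issues sAccessToken; `replace` selects the fixed behaviour."""
    headers: Headers = [("Content-Type", "application/json")]
    setter = replace_set_cookie if replace else append_set_cookie
    for i in range(merges):
        setter(
            headers, "sAccessToken", f"token-v{i}",  # constructed placeholder token
            path="/", httponly=True, secure=True, samesite="Lax",
        )
    return headers


if __name__ == "__main__":
    for replace in (False, True):
        values = set_cookie_values(simulate(4, replace), "sAccessToken")
        print(f"replace={replace}: {len(values)} Set-Cookie header(s) for sAccessToken")
        for v in values:
            print("   ", v)
```

With `replace=False` the response carries four Set-Cookie headers for sAccessToken, three of them stale tokens; with `replace=True` only the last survives. RFC 6265 says a server should not send more than one Set-Cookie with the same cookie name in one response, and although browsers process the headers in order (so the last one normally wins), relying on that leaks superseded tokens in every such response and leaves the outcome to each client's parsing. On a real Flask response the same filter can be applied to the values returned by `response.headers.getlist("Set-Cookie")`.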