Response to api.php?action=login on Wikimedia wikis has some seriously sick Set-Cookie headings.
`curl -X POST -I "https://en.wikipedia.org/w/api.php?format=json&action=login" | grep -i Set-Cookie`
```
Set-Cookie: forceHTTPS=true; path=/; httponly
Set-Cookie: enwikiSession=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; path=/; secure; httponly
Set-Cookie: enwikiUserID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; httponly
Set-Cookie: enwikiToken=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; httponly
Set-Cookie: centralauth_User=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.wikipedia.org; secure; httponly
Set-Cookie: centralauth_Token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.wikipedia.org; secure; httponly
Set-Cookie: centralauth_Session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.wikipedia.org; secure; httponly
Set-Cookie: forceHTTPS=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
Set-Cookie: forceHTTPS=true; path=/; domain=.wikipedia.org; httponly
Set-Cookie: forceHTTPS=true; path=/; httponly
Set-Cookie: forceHTTPS=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
Set-Cookie: forceHTTPS=true; path=/; domain=.wikipedia.org; httponly
Set-Cookie: WMF-Last-Access=22-Jan-2016;Path=/;HttpOnly;Expires=Tue, 23 Feb 2016 12:00:00 GMT
Set-Cookie: GeoIP=YYYYYYYYYYYYYYYYYYYYYYYYYYY; Path=/; Domain=.wikipedia.org
```
1. Why are we sending so many pre-expired cookies? I see that this is intentional, but I'm curious why it's needed.
2. Why are we sending the 'forceHTTPS' cookies **six** times?
(The expired cookies serve as a good test of the client's cookie handling abilities, heh. My bot was unable to log in until I taught it to expire cookies.)