During tests of the new webservice with some more real-life workloads I noticed that whenever a JSONRPCBackend is used to connect to the service each request generates a new session. But it should re-use the session ID provided by the service instead so that the session gets reused and methods like backend_setOptions work as intended for the currently used session. Since I've successfully used the session ID with requests and curl before the error had to be somewhere else.

Turns out that the custom HTTP response class we currently use in python-opsi does handle headers case-sensitive. While the old service returned the field as set-cookie the new one capitalized it into Set-Cookie.

The solution to this is to follow RFC 7230 and make the headers in our custom class case-insensitive. This should be coming with python-opsi 4.1.1.73.