Not be able to get whole string for the header Sert-cookie using  ${response.http.header.Set-cookie},  if the string contains comma. 

ssg 11.x

While the Set-Cookie header has historically been a source of ambiguity regarding commas, the modern, widely-adopted standard (RFC 6265) specifies that commas are not allowed within the cookie's value itself. 

To separate multiple cookies: An older RFC (RFC 2109) allowed for a single Set-Cookie header to contain multiple cookies separated by commas. However, this behavior caused conflicts, as commas also appear in a cookie's Expires attribute.

Modern practice for multiple cookies: The current recommendation and most reliable method is to use multiple, separate Set-Cookie headers in the HTTP response, one for each cookie.

The backend is using the old code so it return the Set-cookie with comma separated cookies. 

Use ${response.http.headervalues.set-cookies} to get ${response.https.header.Set-cookie} values. 

Work around:

Use ${response.http.cookies} to get Set-cookie values.  As stated in the gateway document:   

• For the ${request.http.cookies}, this returns the same value as ${request.http.headervalues.cookies}.
• For ${response.http.cookies}, this returns the same value as ${response.http.headervalues.set-cookies}.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/11-2/reference/context-variables/transport-layer-context-variables.html