diff --git a/lib/rack/test/cookie_jar.rb b/lib/rack/test/cookie_jar.rb
index 011f81b..96fa154 100644
--- a/lib/rack/test/cookie_jar.rb
+++ b/lib/rack/test/cookie_jar.rb
@@ -28,7 +28,7 @@ def initialize(raw, uri = nil, default_host = DEFAULT_HOST)
         @raw, options = raw.split(/[;,] */n, 2)
 
         @name, @value = parse_query(@raw, ';').to_a.first
-        @options = parse_query(options, ';')
+        @options = Hash[parse_query(options, ';').map { |k, v| [k.downcase, v] }]
 
         if domain = @options['domain']
           @exact_domain_match = false
@@ -69,7 +69,7 @@ def secure?
       # Whether the cookie has the httponly flag, indicating it is not available via
       # a javascript API.
       def http_only?
-        @options.key?('HttpOnly') || @options.key?('httponly')
+        @options.key?('httponly')
       end
 
       # The explicit or implicit path for the cookie.
@@ -110,11 +110,13 @@ def <=>(other)
 
       # A hash of cookie options, including the cookie value, but excluding the cookie name.
       def to_h
-        @options.merge(
+        hash = @options.merge(
           'value'    => @value,
           'HttpOnly' => http_only?,
           'secure'   => secure?
         )
+        hash.delete('httponly')
+        hash
       end
       alias to_hash to_h
 
diff --git a/spec/rack/test/cookie_spec.rb b/spec/rack/test/cookie_spec.rb
index f88c431..6b0036d 100644
--- a/spec/rack/test/cookie_spec.rb
+++ b/spec/rack/test/cookie_spec.rb
@@ -49,12 +49,28 @@ def cookie.expired?; true end
     cookie_string = [
       '/',
       'csrf_id=ABC123',
-      'path=/',
-      'expires=Wed, 01 Jan 2020 08:00:00 GMT',
+      'path=/cookie',
       'HttpOnly'
     ].join(Rack::Test::CookieJar::DELIMITER)
     cookie = Rack::Test::Cookie.new(cookie_string)
-    cookie.path.must_equal '/'
+    cookie.path.must_equal '/cookie'
+  end
+
+  it 'attribute names are case-insensitive' do
+    cookie_string = [
+      '/',
+      'csrf_id=ABC123',
+      'Path=/cookie',
+      'Expires=Wed, 01 Jan 2020 08:00:00 GMT',
+      'HttpOnly',
+      'Secure',
+    ].join(Rack::Test::CookieJar::DELIMITER)
+    cookie = Rack::Test::Cookie.new(cookie_string)
+
+    cookie.path.must_equal '/cookie'
+    cookie.secure?.must_equal true
+    cookie.http_only?.must_equal true
+    cookie.expires.must_equal Time.parse('Wed, 01 Jan 2020 08:00:00 GMT')
   end
 
   it 'escapes cookie values' do