httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hedges <>
Subject Re: HttpOnly
Date Fri, 12 Nov 2010 22:25:52 GMT

On Fri, 12 Nov 2010, Clinton Gormley wrote:


Thanks, I will add this option to A2C session cookies when
it's ready... no reason to be giving that away.

> I had a read of your bug and the conversation it links to.
> This isn't a bug in libapreq or Apache2::Cookie - some
> process somewhere (and it could be from an advert on the
> user's site) is setting an invalid cookie, which then gets
> passed back to apache.
> Apache2::Cookie tries to parse it, and chokes on it,
> throwing an error. However, you can change how you use
> Apache2::Cookie to ignore the error and just retrieve
> valid cookies as discussed in the conversation linked to
> in that bug report:

Thanks for the confirmation!


View raw message