httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12132] New: - mod_rewrite Set-Cookie bug
Date Wed, 28 Aug 2002 17:14:47 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12132>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12132

mod_rewrite Set-Cookie bug

           Summary: mod_rewrite Set-Cookie bug
           Product: Apache httpd-2.0
           Version: 2.0.40
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apachebugs@robcromwell.com


There is a bug in mod_rewrite that prevents you from setting the expiration date
of a cookie using the cookie|CO flag in the RewriteRule directive.  The
documentation states that the flag uses the following fields:

'cookie|CO=NAME:VAL:domain[:lifetime]' (set cocookie)  

The optional parameter "lifetime" is the lifetime of the cookie in minutes. 
Currently, when you provide this field with any positive integer, it appears to
be ignored by rewrite.  The cookie's expiration date is always set to the
server's current time in GMT.

Here is an example that *should* set the cookie lifetime to be one day. 

RewriteRule .* - [CO=MyCookie:1:mydomain.com:1440]


The root of the problem can be found on line 4159 of mod_rewrite.c, the
"lifetime" in seconds of the cookie is added to the request time to get the
expiration date.  Currently, the "lifetime" in seconds is being added as a long.
The seconds should be transformed into apr_time before being added to the
request time.

r->request_time +
(60 * atol(expires))

Should be changed to 

r->request_time +
apr_time_from_sec((60 * atol(expires)))

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message