httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 47241] Error in rewriting with character ':'
Date Mon, 08 Jun 2009 08:13:21 GMT

--- Comment #8 from Jonathan Clarke <>  2009-06-08 01:13:17 PST

Just some details about separator characters to respond to Eric's comment.

RFC 2109 and the newer 2965 ("HTTP State Management Mechanism" aka Cookies)
states that within in the Set-Cookie, Set-Cookie2, Cookie and Cookie2 headers
the syntax is of attr=value pairs, separated by semi-colons (";") or commas

Any other special characters as defined in RFC 2616 are allowed in cookie
values, although they should presumably be "-quoted to respect RFC 2616. This
means that a colon (":") is a legal value in cookie attr=value pairs.

mod_rewrite strips all character escaping before reaching the set_cookie
function. Therefore, the set_cookie function can only work with non-escaped

It seems to me to make sense to use semi-colon (";") as a separator for cookie
parts in mod_rewrite syntax, instead of colon (":"), since this is a separator
character anyway. The attached patch implements this proposition.

I hope this clarifies the problem and the proposed solution, and can be
considered for inclusion in Apache. Please let us know any comments on this.


Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message