httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47241] Error in rewriting with character ':'
Date Mon, 08 Jun 2009 08:13:21 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47241





--- Comment #8 from Jonathan Clarke <jonathan@phillipoux.net>  2009-06-08 01:13:17 PST
---
Hi,

Just some details about separator characters to respond to Eric's comment.

RFC 2109 and the newer 2965 ("HTTP State Management Mechanism" aka Cookies)
states that within in the Set-Cookie, Set-Cookie2, Cookie and Cookie2 headers
the syntax is of attr=value pairs, separated by semi-colons (";") or commas
(",").

Any other special characters as defined in RFC 2616 are allowed in cookie
values, although they should presumably be "-quoted to respect RFC 2616. This
means that a colon (":") is a legal value in cookie attr=value pairs.

mod_rewrite strips all character escaping before reaching the set_cookie
function. Therefore, the set_cookie function can only work with non-escaped
text. 

It seems to me to make sense to use semi-colon (";") as a separator for cookie
parts in mod_rewrite syntax, instead of colon (":"), since this is a separator
character anyway. The attached patch implements this proposition.

I hope this clarifies the problem and the proposed solution, and can be
considered for inclusion in Apache. Please let us know any comments on this.

Regards,
Jonathan

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message