httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 56014] New: MOd rewrite CO Cookie method the lifetime flag not working as expected
Date Wed, 15 Jan 2014 12:07:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014

            Bug ID: 56014
           Summary: MOd rewrite CO Cookie method the lifetime flag not
                    working as expected
           Product: Apache httpd-2
           Version: 2.2.24
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_rewrite
          Assignee: bugs@httpd.apache.org
          Reporter: srinivas.meganath@wipro.com

HI,

We are using the Apache 2.2.24 on Red Hat Linux.
In Mod rewrite rules, we have observed below error behavior with respect to
cookie session flag.

The documentation mentions  that when you specify the lifetime of ‘0’ or the
default value should be 0  ,  session cookie should persist only for the
current browser session. I have tested this and this is not true (session is
expired immediately). 

Code used :
CO=cookie1:true:.abcxyz.com:0:/:1:1  

Result: Session expires immediately == BUG

CO=cookie1:true:.abcxyz.com::/:1:1  

Result: Session expires immediately == BUG

CO=cookie:true:.abcxyz.com  
Result:  Works default setting is session cookie. But this cookie is not secure
and HTTP only.

We have to set cookie which is persist only for the current browser session and
secure and HTTP only with path.

Please let us know if any solutions available for this.

DO let me know if you need any other information.


Thanks and Regards,
Srinivas M, CISSP.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message