Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C4FEF10B19 for ; Wed, 15 Jan 2014 12:07:36 +0000 (UTC) Received: (qmail 87219 invoked by uid 500); 15 Jan 2014 12:07:36 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 86841 invoked by uid 500); 15 Jan 2014 12:07:29 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 86826 invoked by uid 99); 15 Jan 2014 12:07:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Jan 2014 12:07:27 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Jan 2014 12:07:26 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 61CA61C72E; Wed, 15 Jan 2014 12:07:06 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 56014] New: MOd rewrite CO Cookie method the lifetime flag not working as expected Date: Wed, 15 Jan 2014 12:07:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_rewrite X-Bugzilla-Version: 2.2.24 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: srinivas.meganath@wipro.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=3D56014 Bug ID: 56014 Summary: MOd rewrite CO Cookie method the lifetime flag not working as expected Product: Apache httpd-2 Version: 2.2.24 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_rewrite Assignee: bugs@httpd.apache.org Reporter: srinivas.meganath@wipro.com HI, We are using the Apache 2.2.24 on Red Hat Linux. In Mod rewrite rules, we have observed below error behavior with respect to cookie session flag. The documentation mentions that when you specify the lifetime of =E2=80=98= 0=E2=80=99 or the default value should be 0 , session cookie should persist only for the current browser session. I have tested this and this is not true (session is expired immediately).=20 Code used : CO=3Dcookie1:true:.abcxyz.com:0:/:1:1=20=20 Result: Session expires immediately =3D=3D BUG CO=3Dcookie1:true:.abcxyz.com::/:1:1=20=20 Result: Session expires immediately =3D=3D BUG CO=3Dcookie:true:.abcxyz.com=20=20 Result: Works default setting is session cookie. But this cookie is not se= cure and HTTP only. We have to set cookie which is persist only for the current browser session= and secure and HTTP only with path. Please let us know if any solutions available for this. DO let me know if you need any other information. Thanks and Regards, Srinivas M, CISSP. --=20 You are receiving this mail because: You are the assignee for the bug.= --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org