httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 57044] New: [PatchAvailable] Use base64url in mod_unique_id ('_' instead of '@')
Date Mon, 29 Sep 2014 20:00:22 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=57044

            Bug ID: 57044
           Summary: [PatchAvailable] Use base64url in mod_unique_id ('_'
                    instead of '@')
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_unique_id
          Assignee: bugs@httpd.apache.org
          Reporter: mik4@gmx.ch

Created attachment 32070
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=32070&action=edit
Use base64url in mod_unique_id

mod_unique_id should use the '_' character instead of the '@' character to
encode request IDs. This means switching to base64url (as specified in RFC
4648).

The main reason for this change is that the '@' character causes problems when
used in cookie values: Recent Tomcat versions crop cookie values at the first
'@', because it is a "token separator" in HTTP (see
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html ,
ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0 ).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message