httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57538] New: Serving cached cookie when mod_cache is enabled
Date Thu, 05 Feb 2015 05:54:02 GMT

            Bug ID: 57538
           Summary: Serving cached cookie when mod_cache is enabled
           Product: Apache httpd-2
           Version: 2.2.29
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_cache

We have an application protected with Access Controls for authentication and
Single Sign-On. The Application is front ended by Apache 2.2.3 (64-bit) where
an agent is setup for access control.

We've enabled mod_cache to improve application performance and also configured
to ignore caching for Access Control cookies as they are used for Single Sign

However, apache is caching the cookies which can be seen under CacheRoot
directory. Also, while accessing an application, the Apache is flipping the
user's Access-Control Cookie (say user_1) with another Access-Control cached
cookie of another user (say user_2). 

We've set below mod_cache configuration in Apache configuration file so that
Apache should not cache Access-Control-Cookie, but it is not working

<IfModule cache_module>
    CacheRoot /opt/httpd/mod_cache
    CacheEnable disk /
   CacheStorePrivate On
    CacheIgnoreHeaders Set-Cookie Access-Control-Cookie

Please let me know if this is a bug or i am missing something.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message