httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 60910] New: Do not send Set-Cookie twice
Date Fri, 24 Mar 2017 04:50:03 GMT

            Bug ID: 60910
           Summary: Do not send Set-Cookie twice
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_session_cookie
  Target Milestone: ---

Created attachment 34874
Do not send Set-Cookie twice

mod_session_cookie uses ap_cookie_write() with r->headers_out and
r->err_headers_out. The former causes a Set-Cookie header to be added on
successful requests, while the later causes a Set-Cookie header to always be

As a result, successful requests get a duplicated Set-Cookie header and it
confuses some clients. The attached patch fixes that by using only
r->err_headers_out, which as its name does not suggests, causes Set-Cookie to
be always added, regardless of error status.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message