httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew <>
Subject Re: a possible bug (compat prob?) in Apache 1.0 (fwd)
Date Tue, 26 Dec 1995 14:49:16 GMT
must .. remain .. calm, need  ..  to  .. go .. out more.

So this has nothing to do with mod_cookies.c, period.

What it does have to do with is this cryptic line in the NS spec
for how the 'Set-Cookie' header gets sent out by the server:

	"Additional Notes
	Multiple Set-Cookie headers can be issued in a single
	server response."

So, how do you suppose they do this?  There seem to be 2 options:

1)	Set-Cookie: Foo=Bar
	Set-Cookie: Baz=Bumble

2)	Set-Cookie: Foo=Bar, Baz=Bumble

Apache breaks (1).  Outgoing headers are manipulated using table_set
which overwrites previous values (table_append anyone?), and so
only the last Set-Cookie: header coming from the script is honoured.
This doesn't happen with multiple 'header:' lines coming from the
client, when:

	Accept: foo/bar
	Accept: baz/bumble

are transmogrified into 

	Accept: foo/bar, baz/bumble

by the server, before being made available to modules or CGI.

As it stands the server *is* able to send out a header like (2),
which means that the script sending these headers has to know that
it needs to use comma delimiters.

Ay 	[who clearly has nothing better to do today than send spurious
	e-mail around the globe]

> > Forwarded message:
> > > From  Mon Dec 25 20:23:58 1995
> > > From: John Stoner <>
> > > Subject: a possible bug (compat prob?) in Apache 1.0
> > > X-URL:
> > > Content-Type: text/plain; charset=us-ascii
> > > Content-Transfer-Encoding: 7bit
> > > 
> > > I am trying to develop a simple cookie-handling library in perl.  I have part

> > > of it, and I am testing it on an Apache 1.0 server, using a Netscape 
> > > client.
> > [snip]

View raw message