httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew <>
Subject Re: Apache and Cookies...
Date Fri, 29 Dec 1995 14:06:43 GMT
> >1)      Apache 1.0.0  will only send the last of the
> >
> >        Set-Cookie: foo=bar; ...
> >        Set-Cookie: baz=bumble; ...
> >
> >        headers out of a conventional cgi script (as expected).
> This is a fundemental design flaw in both CGI and Apache. We should fix the
> latter. (The former only occurred to me yesterday.)

Would a good fix be for Apache to treat outgoing headers the same
way that it treats incoming headers?  Multiple Accept headers are
resolved to a single header containing comma delimited elements:

	Accept: foo, bar, baz

util_script.c contains the scan_script_header() routine which reads
header produced by CGI scripts.  Right at the end of the routine
it's calling:

	table_set (r->headers_out, w, l);

the simplest fix would be to change this to read:

	table_merge(r->headers_out, w, l);

But this *would* cause problems for already working Netsite cookie
magic.  NS's browsers don't understand what

	Set-Cookie: foo, bar, baz 

means and prefer:

	Set-Cookie: foo
	Set-Cookie: bar
	Set-Cookie: baz

Ok, so another option is for apache to be able to send out multiple
lines with the same header.  So there's no overwriting by table_set,
nor would there be comma delimiting by table_merge.

I guess it's just a case of deciding what is the 'correct' way to
do this, implementing it and then telling people to fix their
browsers if needs be.  Easy eh? ;)

>  David.  


View raw message