httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <hart...@ooo.lanl.gov>
Subject WWW Form Bug Report: "Multiple Set-Cookie headers" on Solaris 2.x (fwd)
Date Wed, 22 May 1996 15:39:34 GMT
 
> Submitter: dwb@netpsace.org
> Operating system: Solaris 2.x, version: 
> Version of Apache Used: 1.0.3
> Extra Modules used: 
> URL exhibiting problem: 
> 
> Symptoms:
> --
> The server inappropriately munges the Set-Cookie
> headers when more than one is sent by a program. For
> instance, a program that sends:
> ---
> Content-type: text/html
> Set-Cookie: foo=bar; expires=<future-date>
> Set-Cookie: biz=bam; expires=<future-date>
> ---
> Will be sent as:
> ---
> HTTP/1.0 200 OK
> Date: <date>
> Server: Apache/1.0.3
> Content-type: text/html
> Set-Cookie: foo=bar; expires=<future-date>, biz=bam; expires=<future-date>
> ---
> This is invalid according to the Netscape cookie
> specs, and the Netscape browser version 2.x and 
> 3.x will only store the first cookie (i.e. foo=bar).


This is a design flaw in the Netscape Cookie spec. Apache combines the
headers according to the HTTP spec, but the people who designed Netscape
cookies didn't take this into account.

A fix might be added to Apache 1.1


rob.

Mime
View raw message