httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Degenhardt <...@mp3.com>
Subject Re: [PATCH] mod_rewrite and cookie setting
Date Wed, 17 Jul 2002 23:06:24 GMT
On Tue, Jul 16, 2002 at 12:15:41PM -0700, Adam Sussman wrote:
> On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote:
> > Adam Sussman wrote:
> > > The new cookie setting feature of mod_rewrite adds the Set-Cookie header
> > > to r->headers_out.  Shouldn't this be r->err_headers_out instead?
> > > 
> > > The error headers are always present whereas the the normal headers do not
> > > appear under error conditions.  In applications where I have an apache
> > > module setting cookies, I have always found that setting err_headers_out
> > > gives me the complete coverage that I want.
> > > 
> > > Thoughts?
> > yep.. a couple of them
> > the original patch has err_headers_out and it didn't work as we would 
> > get multiple cookies back on a simple request on GET / on a standard 
> > install.
> > 
> 
> hmm... I cannot reproduce this behaviour.  So far as I can see, the only
> difference is whether or not the cookie header appears in non-200 reponses.
> Can you show me the configuration you used?

Here's an example that will trigger the same cookie being set twice
when the cookies are in err_headers_out:

RewriteRule ^(.*)$ - [CO=MYCOOKIE:$1:.apache.org]

If you used this and requested / it would get an internal redirecto to
/index.html, therefore you'd get two SetCookie headers, one for
MYCOOKIE=/ and another for MYCOOKIE=/index.html
This could be a problem for you.

However, if it's not in err_headers_out there's even a bigger problem.
mod_rewrite uses internal redirects for rewrite rules that are placed
in <Directory> and <Location> tags because the directory_walk and
location_walk phases execute after the translate_name phase.
Therefore, if you don't put the cookie in err_headers_out, it will get
set in r->main, then the internal_redirect issues and the cookie never
gets sent to the requestor.

So we're screwed either way.  One way I've thought of to fix this is
to alter mod_rewrite so that it translates the name in the
map_to_storage phase for rules inside of <Directory> and <Location>
sections.  I haven't tried this though.  Any thoughts?

-bmd

Mime
View raw message