httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Eberhard <ryan.eberh...@entegrity.com>
Subject [PATCH] Bug 18388: Set-Cookie header not honored on 304 (Not modified) status
Date Fri, 06 Jun 2003 17:25:21 GMT
Attached is a patch to add a configuration directive to control whether 
the server is allowed to issue Set-Cookie headers when the HTTP status 
is 304 (Not Modified).

Files changed:
http-2.0/include/httpd.h -- Added allow_setcookie_on_not_modfied member 
to server_rec
http-2.0/server/config.c -- Initialization of new member to 0 to 
preserve current behavior
http-2.0/modules/http/http_core.c -- Define directive and set...() method
http-2.0/modules/http/http_protocol.c -- Emit Set-Cookie header if 
status is 304 and directive allows

Tests (performed with sniffer):
Status 200, directive missing -> Set-Cookie processed
Status 304, directive missing -> Set-Cookie ignored
Status 200, directive set to "Off" -> Set-Cookie processed
Status 304, directive set to "Off" -> Set-Cookie ignored
Status 200, directive set to "On" -> Set-Cookie processed
Status 304, directive set to "On" -> Set-Cookie processed

I didn't see the source for the online documentation, e.g. "Directive 
Index" and "Apache Core Features" (with the list of configuration 
directives).  If someone would please point me to that source base, I 
will gladly submit a patch for the documentation too.

Ryan Eberhard wrote:

>> --On Wednesday, June 4, 2003 11:33 AM -0400 Ryan Eberhard 
>> <ryan.eberhard@entegrity.com> wrote:
>>
>> > I would appreciate the compromise where this behavior could be 
>> configured,
>> > particularly if there is a way for a module to update the behavior
>> > programmatically, e.g. without having to edit the configuration file.
>>
>> You are free to submit a patch that does this.  -- justin
>
>
> Thanks.  I will take this on.  My initial thought is that this would 
> be configured at server level and there probably should be a 
> configuration directive, e.g. AllowSetCookieOnNotModified On | Off.
>
> I searched the site and did not see a document describing naming 
> conventions for directives.  If there is one and someone could send me 
> the link, I would appreciate it.
>
> Ryan
>
>


Mime
View raw message