httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Eberhard <ryan.eberh...@entegrity.com>
Subject Re: [PATCH] Bug 18388: Set-Cookie header not honored on 304 (Not modified) status
Date Thu, 03 Jul 2003 14:37:32 GMT
No one seems to have bitten on this patch...  I have to admit that I 
don't really like modifying server_rec and adding another configuration 
directive either.

Would the group be more amenable to a patch that prevented the server 
from returning a 304 (Not Modified) code when a Set-Cookie header is 
present?  This would reduce (hopefully slightly) the effectiveness of 
the browser cache, but only when the server has a Set-Cookie header to 
send.  This should address the concern raised that cached page contents 
and cookie values remain in-synch.

Ryan Eberhard

Ryan Eberhard wrote:

> I noticed one minor correction.  In the comment line for the change to 
> httpd.h I transposed "304" with "403".  The comment line should read:
>
>"/** Allow SetCookie header on HTTP Not Modified (304) status? */"
>
>
> Ryan Eberhard wrote:
>
>> Attached is a patch to add a configuration directive to control 
>> whether the server is allowed to issue Set-Cookie headers when the 
>> HTTP status is 304 (Not Modified).
>>
>> Files changed:
>> http-2.0/include/httpd.h -- Added allow_setcookie_on_not_modfied 
>> member to server_rec
>> http-2.0/server/config.c -- Initialization of new member to 0 to 
>> preserve current behavior
>> http-2.0/modules/http/http_core.c -- Define directive and set...() 
>> method
>> http-2.0/modules/http/http_protocol.c -- Emit Set-Cookie header if 
>> status is 304 and directive allows
>>
>> Tests (performed with sniffer):
>> Status 200, directive missing -> Set-Cookie processed
>> Status 304, directive missing -> Set-Cookie ignored
>> Status 200, directive set to "Off" -> Set-Cookie processed
>> Status 304, directive set to "Off" -> Set-Cookie ignored
>> Status 200, directive set to "On" -> Set-Cookie processed
>> Status 304, directive set to "On" -> Set-Cookie processed
>>
>> I didn't see the source for the online documentation, e.g. "Directive 
>> Index" and "Apache Core Features" (with the list of configuration 
>> directives).  If someone would please point me to that source base, I 
>> will gladly submit a patch for the documentation too.
>>
>> Ryan Eberhard wrote:
>>
>>>> --On Wednesday, June 4, 2003 11:33 AM -0400 Ryan Eberhard 
>>>> <ryan.eberhard@entegrity.com> wrote:
>>>>
>>>> > I would appreciate the compromise where this behavior could be 
>>>> configured,
>>>> > particularly if there is a way for a module to update the behavior
>>>> > programmatically, e.g. without having to edit the configuration 
>>>> file.
>>>>
>>>> You are free to submit a patch that does this.  -- justin
>>>
>>>
>>>
>>> Thanks.  I will take this on.  My initial thought is that this would 
>>> be configured at server level and there probably should be a 
>>> configuration directive, e.g. AllowSetCookieOnNotModified On | Off.
>>>
>>> I searched the site and did not see a document describing naming 
>>> conventions for directives.  If there is one and someone could send 
>>> me the link, I would appreciate it.
>>>
>>> Ryan
>>>
>>>
>>
>>------------------------------------------------------------------------
>>
>>--- httpd.h.old	2003-06-06 13:04:18.000000000 -0400
>>+++ httpd.h	2003-06-06 11:00:57.000000000 -0400
>>@@ -1111,6 +1111,9 @@
>>     int limit_req_fieldsize;
>>     /** limit on number of request header fields  */
>>     int limit_req_fields; 
>>+    
>>+    /** Allow SetCookie header on HTTP Not Modified (403) status? */
>>+    int allow_setcookie_on_not_modified;
>> };
>> 
>> typedef struct core_output_filter_ctx {
>>  
>>
>>------------------------------------------------------------------------
>>
>>--- config.c.old	2003-06-06 13:01:52.000000000 -0400
>>+++ config.c	2003-06-06 11:01:55.000000000 -0400
>>@@ -1722,7 +1722,9 @@
>>     s->limit_req_line = main_server->limit_req_line;
>>     s->limit_req_fieldsize = main_server->limit_req_fieldsize;
>>     s->limit_req_fields = main_server->limit_req_fields;
>>-
>>+	
>>+    s->allow_setcookie_on_not_modified = 0;
>>+    
>>     *ps = s;
>> 
>>     return ap_parse_vhost_addrs(p, hostname, s);
>>  
>>
>>------------------------------------------------------------------------
>>
>>--- http_core.c.old	2003-06-06 13:05:38.000000000 -0400
>>+++ http_core.c	2003-06-06 11:08:04.000000000 -0400
>>@@ -127,6 +127,18 @@
>>     return NULL;
>> }
>> 
>>+static const char *set_allow_setcookie_on_not_modified(cmd_parms *cmd, 
>>+                                                       void *dummy, int arg)
>>+{
>>+    const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
>>+    if (err != NULL) {
>>+        return err;
>>+    }
>>+
>>+    cmd->server->allow_setcookie_on_not_modified = (arg != 0);
>>+    return NULL;
>>+}
>>+
>> static const command_rec http_cmds[] = {
>>     AP_INIT_TAKE1("KeepAliveTimeout", set_keep_alive_timeout, NULL, RSRC_CONF,
>>                   "Keep-Alive timeout duration (sec)"),
>>@@ -134,6 +146,11 @@
>>      "Maximum number of Keep-Alive requests per connection, or 0 for infinite"),
>>     AP_INIT_TAKE1("KeepAlive", set_keep_alive, NULL, RSRC_CONF,
>>                   "Whether persistent connections should be On or Off"),
>>+    AP_INIT_FLAG("AllowSetCookieOnNotModified", 
>>+                 set_allow_setcookie_on_not_modified, 
>>+                 NULL, RSRC_CONF,
>>+                 "Whether allowing Set-Cookie headers on HTTP Not \
>>+                 Modified (304) status should be On or Off"),
>>     { NULL }
>> };
>> 
>>  
>>
>>------------------------------------------------------------------------
>>
>>--- http_protocol.c.old	2003-06-06 13:05:39.000000000 -0400
>>+++ http_protocol.c	2003-06-06 13:08:38.000000000 -0400
>>@@ -1683,6 +1683,12 @@
>>                      "WWW-Authenticate",
>>                      "Proxy-Authenticate",
>>                      NULL);
>>+        if (r->server->allow_setcookie_on_not_modified) {
>>+            const char *sch = apr_table_get(r->headers_out, "Set-Cookie");
>>+            if (sch != NULL) {
>>+                form_header_field(&h, "Set-Cookie", sch);
>>+            }
>>+        }
>>     }
>>     else {
>>         send_all_header_fields(&h, r);
>>  
>>
>


Mime
View raw message