httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Proxy Cookie Support (Bug #10722)
Date Fri, 25 Jun 2004 12:39:07 GMT
Nick Kew wrote:
> I recently patched bug 10722.  My patch was against 2.0.49, for a Client
> who needed it in a hurry.
> I'm just porting it to 2.1-HEAD.  In doing so, I find there's an existing
> patch that saves and restores cookies without rewriting the Domain and
> Path components.  AFAICS my patch would/should supersede that one.
> But I'm reluctant to do so without understanding the purpose of the
> other patch.
> The other patch is at
> It appears just to merge Set-Cookie headers in r->err_headers_out with
> those in r->headers_out.  The latter have just come from the backend
> (the server proxied).  But how/why should there be (any) cookies in
> r->err_headers_out at this point?  Presumably they'd be from the proxy
> rather than the backend?  And why merge them into a normal 2xx response?

This is so Cookies added my the local proxy server (Apache) via
internal custom modules do not loose those cookies when used also
as a proxy. If a module has added Cookie information we should
honor that and maintain it as is. Roy and I talked about
this and both agreed that it made sense hence the patch.

In this case, it should NOT rewrite the domain/path info, since
that would destroy the utility of that cookie, since it is
a cookie generated by, and used by, the proxy server and not
the origin server. Rewriting would make that bogus.

   Jim Jagielski   [|]   [|]
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

View raw message