httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject mod_rewrite cookies
Date Sat, 19 Jul 2008 16:08:01 GMT
Reviewing the backport proposal in STATUS, it amounts to

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=639465&r2=664330&pathrev=664330

It still seems to be at risk of generating a malformed cookie,
if secure is unset (NULL) but httponly is set.

Shouldn't it guard against this by reporting a syntax error if
secure (or indeed httponly) is set to an unrecognised value?
Or have I just been staring at a screen for too long?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Mime
View raw message