httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject mod_rewrite cookies
Date Sat, 19 Jul 2008 16:08:01 GMT
Reviewing the backport proposal in STATUS, it amounts to

It still seems to be at risk of generating a malformed cookie,
if secure is unset (NULL) but httponly is set.

Shouldn't it guard against this by reporting a syntax error if
secure (or indeed httponly) is set to an unrecognised value?
Or have I just been staring at a screen for too long?

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message