httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <l...@eilebrecht.net>
Subject CacheIgnoreHeaders not working correctly
Date Mon, 09 Feb 2009 20:21:31 GMT
Hi,

I have a question about the header handling logic of
mod_cache/mod_disk_cache.

With an installation running mod_disk_cache and a custom module
which fiddles with Cookie and Set-Cookie headers I am running into
the problem that mod_disk_cache was storing Set-Cookie headers
in the cache. It is ignoring the "CacheIgnoreHeaders Set-Cookie".

In mod_disk_cache's store_header() function we have this code:

        apr_table_t *headers_out;

        headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
                                                  r->server);
        [...]
        headers_out = apr_table_overlay(r->pool, headers_out,
                                        r->err_headers_out);
        rv = store_table(dobj->hfd, headers_out);

So it copies r->headers_out to the local headers_out variable, and
removes all unwanted headers. However, then r->err_headers_out
gets merged into headers_out which is then stored in the cache.

Is there a reason why this is done? This could lead to quite a
number of headers being stored in the cache such as Set-Cookie.
Which happens in my case as the custom module operates on
r->err_headers_out.

So a potential fix would be to merge r->headers_out and
r->err_headers_out into the local headers_out variable, then
filter the unwanted headers, and store the result.

This seems to work, but maybe I'm missing something.

ciao...
-- 
Lars Eilebrecht
lars@eilebrecht.net


Mime
View raw message