httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <>
Subject Re: [users@httpd] Question about Apache feature - Headers are concatenated with comma (mod_proxy and also with mod_weblogic)
Date Fri, 11 Mar 2011 13:35:18 GMT
On Fri, Mar 11, 2011 at 8:11 AM, Margus Pärt <> wrote:
> Apache seems to do the following trick with headers:
> Connection goes in:
> GET / HTTP/1.0
> Cookie: name=Value
> Cookie: name2=Value;name3=Value
> ...
> But is forwarded to backend so:
> GET / HTTP/1.0
> Cookie: name=Value,name2=Value;name3=Value
> ...
> Can this comma be changed to ";"?

No, the code that performs the merge doesn't know Cookie from
ApplePie.  This merge is allowed by the HTTP RFCs, and expected by
Apache mods/CGIs/etc.  Essentially, any multi-instance requst header
fields must be combinable with ",".

(insert discussion of different cookie formats)

IIRC, by default the WLS cookie parsing (underneath the servlet
getCookies() API) doesn't handle this particular merge by default but
at least some versions of WLS have an option (some startup property?)
to relax the parsing rules and work around this issue, resolving the
problem you encountered.  I also recall that if you look across a
number of different cookie parsers underneath different programming
environments you'll see some that relax the interpretation and some
that don't.

This can be solved by parsing Cookie yourself or convincing
getCookies() to do the right thing.  (What about storing Cookies in
another format which would allow different Cookie headers to be merged
in an unambiguous manner?  I just don't know the details of the
alternative formats.)

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message