You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Martin Pool <mb...@linuxcare.com.au> on 2000/12/06 04:42:11 UTC

mod_usertrack

mod_usertrack.c uses this code to scan through the Cookie header
looking for its cookie, which is typically called `Apache'.  

    if ((cookie = ap_table_get(r->headers_in, "Cookie")))
        if ((value = strstr(cookie, dcfg->cookie_name))) {
            char *cookiebuf, *cookieend;

            value += strlen(dcfg->cookie_name) + 1;  /* Skip over the '=' */
            cookiebuf = ap_pstrdup(r->pool, value);
            cookieend = strchr(cookiebuf, ';');
            if (cookieend)
                *cookieend = '\0';      /* Ignore anything after a ; */

            /* Set the cookie in a note, for logging */
            ap_table_setn(r->notes, "cookie", cookiebuf);

            return DECLINED;    /* There's already a cookie, no new one */
        }

The strstr seems a little weak: I think this code will get confused by
other cookies or cookie values which happen to contain `Apache' or
whatever the name is.  It's not a very likely problem, but I wanted to
at least mention it.

-- 
Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
mbp@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.