You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Doug MacEachern <do...@covalent.net> on 2001/06/19 23:12:50 UTC
Requests using If-Modified-Since cause response Set-Cookie to be
discarded (fwd)
the patch after the fwd fixed the problem for him, is it intentional to
leave Set-Cookie headers out of HTTP_NOT_MODIFIED responses in
ap_send_error_response() ?
---------- Forwarded message ----------
Date: Mon, 18 Jun 2001 22:34:53 -0400
From: Andrew Gilmartin <an...@dynamicdiagrams.com>
To: modperl@apache.org
Subject: Requests using If-Modified-Since cause response Set-Cookie to be
discarded
I have PerlAuthenHandler handler that sets a cookie on authentication
success. The cookie records, in part, the time of the last access to
the site. Therefore for each access the cookie is updated. When a new
document is accessed or a CGI script is run the cookie is sent to the
browser. However, if the browser is asking for a document it has
cached it will send an If-Modified-Since header. The file delivery
mechanism in Apache will do the right thing with If-Modified-Since
information and only send the document if, in fact, it has changed.
Unfortunately, if it has not changed the cookie I set in my handler is
discarded (no matter if I use $r->header_out() or
$r->err_header_out()).
How can I force Apache to send the Set-Cookie header even if the
document being delivered has not changed? I suspect that I am not the
first person to run into this problem. A search of the list was
unsuccessful, unfortunately.
---
Andrew Gilmartin
Ingenta / Dynamic Diagrams
andrewgilmartin@dynamicdiagrams.com
--- src/main/http_protocol.c 2001/03/09 10:10:26 1.300
+++ src/main/http_protocol.c 2001/06/19 21:11:00
@@ -2637,6 +2637,7 @@
"Warning",
"WWW-Authenticate",
"Proxy-Authenticate",
+ "Set-Cookie",
NULL);
terminate_header(r->connection->client);
Re: Requests using If-Modified-Since cause response Set-Cookie to
be discarded (fwd)
Posted by Doug MacEachern <do...@covalent.net>.
On Tue, 19 Jun 2001, Roy T. Fielding wrote:
> Yes, it is intentional, and we won't be adding set-cookie to the list.
> That would violate the intent of 304.
can you expand on that? i never quote rfcs, but 1945 says:
304 Not Modified
If the client has performed a conditional GET request and access is
allowed, but the document has not been modified since the date and
time specified in the If-Modified-Since field, the server must
respond with this status code and not send an Entity-Body to the
client. Header fields contained in the response should only include
information which is relevant to cache managers or which may have
changed independently of the entity's Last-Modified date. Examples
of relevant header fields include: Date, Server, and Expires. A
cache should update its cached entity to reflect any new field
values given in the 304 response.
in this guy's case sounds like set-cookie it falls into here:
"or which may have changed independently of the entity's Last-Modified
date"
quoting his email:
"The cookie records, in part, the time of the last access to
the site. Therefore for each access the cookie is updated."
Re: Requests using If-Modified-Since cause response Set-Cookie to be discarded (fwd)
Posted by "Roy T. Fielding" <fi...@ebuilt.com>.
On Tue, Jun 19, 2001 at 02:12:50PM -0700, Doug MacEachern wrote:
> the patch after the fwd fixed the problem for him, is it intentional to
> leave Set-Cookie headers out of HTTP_NOT_MODIFIED responses in
> ap_send_error_response() ?
Yes, it is intentional, and we won't be adding set-cookie to the list.
That would violate the intent of 304.
....Roy