You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Aaron Gowatch <aa...@divinia.com> on 1998/07/14 21:45:14 UTC
general/2615: Set-Cookie not sent with Redirect response headers
>Number: 2615
>Category: general
>Synopsis: Set-Cookie not sent with Redirect response headers
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Tue Jul 14 12:50:01 PDT 1998
>Last-Modified:
>Originator: aarong@divinia.com
>Organization:
apache
>Release: 1.3.0
>Environment:
Linux lula.divinia.com 2.0.33 #3 Mon Mar 16 16:39:42 PST 1998 i586 unknown
gcc version 2.7.2.3
>Description:
Set-Cookies set in r->headers_out set by modules such as mod_usertrack are dropped if response is redirect. I'm unable to find anything that says its illegal to send a Set-Cookie along with a 302 response, but such documentation may exist.
>How-To-Repeat:
Example URL: http://www.divinia.com/redirect/1024/www.apache.org/
mod_usertrack cookies are enabled in httpd.conf, which are served when requesting a URL such as:
http://www.divinia.com/
>Fix:
If its not illegal to send Set-Cookies with 302's, special case them in main/http_protocol.c. The following patch has worked for me:
diff -u -r1.1.1.1 http_protocol.c
--- http_protocol.c 1998/06/24 03:18:48 1.1.1.1
+++ http_protocol.c 1998/06/24 23:27:25
@@ -1942,6 +1942,7 @@
int idx = ap_index_of_response(status);
char *custom_response;
char *location = ap_table_get(r->headers_out, "Location");
+ char *cookie = ap_table_get(r->headers_out, "Set-Cookie");
/* We need to special-case the handling of 204 and 304 responses,
* since they have specific HTTP requirements and do not include a
@@ -1997,6 +1998,9 @@
if (location && *location
&& (is_HTTP_REDIRECT(status) || status == HTTP_CREATED))
ap_table_setn(r->headers_out, "Location", location);
+
+ if (cookie && *cookie)
+ ap_table_setn(r->headers_out, "Set-Cookie", cookie);
r->content_language = NULL;
r->content_languages = NULL;
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]