You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Aaron Gowatch <aa...@divinia.com> on 1998/07/14 21:45:14 UTC

general/2615: Set-Cookie not sent with Redirect response headers

>Number:         2615
>Category:       general
>Synopsis:       Set-Cookie not sent with Redirect response headers
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 14 12:50:01 PDT 1998
>Last-Modified:
>Originator:     aarong@divinia.com
>Organization:
apache
>Release:        1.3.0
>Environment:
Linux lula.divinia.com 2.0.33 #3 Mon Mar 16 16:39:42 PST 1998 i586 unknown

gcc version 2.7.2.3
>Description:
Set-Cookies set in r->headers_out set by modules such as mod_usertrack are dropped if response is redirect. I'm unable to find anything that says its illegal to send a Set-Cookie along with a 302 response, but such documentation may exist.
>How-To-Repeat:
Example URL: http://www.divinia.com/redirect/1024/www.apache.org/

mod_usertrack cookies are enabled in httpd.conf, which are served when requesting a URL such as:

http://www.divinia.com/
>Fix:
If its not illegal to send Set-Cookies with 302's, special case them in main/http_protocol.c.  The following patch has worked for me:

 diff -u -r1.1.1.1 http_protocol.c
--- http_protocol.c     1998/06/24 03:18:48     1.1.1.1
+++ http_protocol.c     1998/06/24 23:27:25
@@ -1942,6 +1942,7 @@
     int idx = ap_index_of_response(status);
     char *custom_response;
     char *location = ap_table_get(r->headers_out, "Location");
+    char *cookie = ap_table_get(r->headers_out, "Set-Cookie");
 
     /* We need to special-case the handling of 204 and 304 responses,
      * since they have specific HTTP requirements and do not include a
@@ -1997,6 +1998,9 @@
         if (location && *location
             && (is_HTTP_REDIRECT(status) || status == HTTP_CREATED))
             ap_table_setn(r->headers_out, "Location", location);
+
+        if (cookie && *cookie)
+           ap_table_setn(r->headers_out, "Set-Cookie", cookie);
 
         r->content_language = NULL;
         r->content_languages = NULL;
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]