You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/01/15 13:07:06 UTC
[Bug 56014] New: MOd rewrite CO Cookie method the lifetime flag not
working as expected
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
Bug ID: 56014
Summary: MOd rewrite CO Cookie method the lifetime flag not
working as expected
Product: Apache httpd-2
Version: 2.2.24
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_rewrite
Assignee: bugs@httpd.apache.org
Reporter: srinivas.meganath@wipro.com
HI,
We are using the Apache 2.2.24 on Red Hat Linux.
In Mod rewrite rules, we have observed below error behavior with respect to
cookie session flag.
The documentation mentions that when you specify the lifetime of ‘0’ or the
default value should be 0 , session cookie should persist only for the
current browser session. I have tested this and this is not true (session is
expired immediately).
Code used :
CO=cookie1:true:.abcxyz.com:0:/:1:1
Result: Session expires immediately == BUG
CO=cookie1:true:.abcxyz.com::/:1:1
Result: Session expires immediately == BUG
CO=cookie:true:.abcxyz.com
Result: Works default setting is session cookie. But this cookie is not secure
and HTTP only.
We have to set cookie which is persist only for the current browser session and
secure and HTTP only with path.
Please let us know if any solutions available for this.
DO let me know if you need any other information.
Thanks and Regards,
Srinivas M, CISSP.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
--- Comment #2 from Antoine Prevosto <an...@gmail.com> ---
I am facing the same problem with Apache 2.2.22. I can supply you the response
headers for such configurations :
1. CO=cookieName:cookieValue:abcxyz.com:0:/context/:1:1
Reponse headear :
Set-Cookie: cookieName=cookieValue; path=/context/; domain=abcxyz.com;
expires=Sun, 20-Apr-2014 12:56:17 GMT; secure; HttpOnly
This does NOT create a session cookie but an already expired cookie (expires
after 0 seconds)
2. CO=cookieName:cookieValue:abcxyz.com::/context/:1:1
Reponse headear :
Set-Cookie: cookieName=cookieValue; path=1; domain=abcxyz.com; expires=Sun,
20-Apr-2014 12:58:17 GMT; secure
This seems to be an invalid syntax, because "::" seems to be treated as ":"
3. CO=cookieName:cookieValue:abcxyz.com
Reponse headear :
Set-Cookie: cookieName=cookieValue; path=/; domain=abcxyz.com
This is valid, but does not allow to create a SESSION cookie with a specific
PATH or SECURE or HTTPONLY flag.
Brgds
Antoine Prevosto
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
Antoine Prevosto <an...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
--- Comment #5 from Eric Covener <co...@gmail.com> ---
proposed for backport, udpated doc to point out that is not possible in 2.2
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
--- Comment #6 from Antoine Prevosto <an...@gmail.com> ---
Thanks for your quick answer !
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
Antoine Prevosto <an...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |antoine.prevosto@gmail.com
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
Daniel Gruno <hu...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Daniel Gruno <hu...@apache.org> ---
I cannot reproduce this on 2.4, so the issue (if it exists) must have been
fixed, but I cannot see anything mentioned in CHANGES.
Can you please supply us with the server response headers from your request?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
--- Comment #4 from Eric Covener <co...@gmail.com> ---
The mod_rewrite doc refactoring got backported after that revision, which gives
the bad info for the CO flag.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56014] MOd rewrite CO Cookie method the lifetime flag not
working as expected
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
--- Comment #3 from Eric Covener <co...@gmail.com> ---
2.2 needs http://svn.apache.org/viewvc?view=revision&revision=664333
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org