Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/03/02 09:01:18 UTC
[Bug 57652] New: Contents of cookie are URL encoded using
mod_log_config %{VARNAME}C
https://bz.apache.org/bugzilla/show_bug.cgi?id=57652
Bug ID: 57652
Summary: Contents of cookie are URL encoded using
mod_log_config %{VARNAME}C
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: mod_log_config
Assignee: bugs@httpd.apache.org
Reporter: gmillikan@t1shopper.com
When written to the log, cookies are URL encoded when using %{VARNAME}C. For
example a cookie received in the request headers as
"cAsPuTNpqas,6rrgB7T-6kGQbf4" becomes the following when written to the log,
"cAsPuTNpqas%2C6rrgB7T-6kGQbf4"
Please update documentation at
https://httpd.apache.org/docs/current/mod/mod_log_config.html
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 57652] Contents of cookie are URL encoded using mod_log_config
%{VARNAME}C
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57652
--- Comment #3 from Geoff Millikan <gm...@t1shopper.com> ---
For posterity, this is a PHP gotcha:
PHP's popular setcookie() function URL-encodes the cookie when pushing it out
to the client browser as the documentation says. The corresponding function
session_id() both reads the cookie from the HTTP request headers AND
URL-decodes it. The URL-decoding isn't mentioned in the PHP documentation.
Happy session handling,
--Geoff
https://php.net/manual/en/function.setcookie.php
https://php.net/manual/en/function.session-id.php
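A log-correlation example for the mismatch discussed in this thread, added here and not code from any participant or from the Apache or PHP projects: it parses the tab-separated combinedcookie LogFormat quoted in Comment #2 and matches application-side session ids against the raw %{PHPSESSID}C value, reporting when they match only after percent-decoding. The sample log lines, the stored ids and the function names are constructed for illustration.

```python
from urllib.parse import unquote

# Field order of the tab-separated "combinedcookie" LogFormat quoted in Comment #2.
FIELDS = ["host", "ident", "user", "time", "request", "status",
          "bytes", "referer", "user_agent", "phpsessid"]

# Constructed sample lines in that format (values modelled on the thread's output).
SAMPLE_LOG = [
    "127.0.0.1\t-\t-\t[03/Mar/2015:05:12:38 +0000]\tGET /contactus/index.php HTTP/1.0"
    "\t200\t17532\t-\tWget/1.11.4 Red Hat modified\tpOoq97tCR5N,PWnoQMlIoLitbT0",
    "127.0.0.1\t-\t-\t[03/Mar/2015:05:13:02 +0000]\tGET /index.php HTTP/1.0"
    "\t200\t512\t-\tWget/1.11.4 Red Hat modified\tk3Jd82hsA-Lq0",
    "127.0.0.1\t-\t-\t[03/Mar/2015:05:13:09 +0000]\tGET /robots.txt HTTP/1.0"
    "\t404\t-\t-\tWget/1.11.4 Red Hat modified\t-",
]
# Constructed application-side records; the first is stored URL-encoded.
APP_IDS = ["pOoq97tCR5N%2CPWnoQMlIoLitbT0", "k3Jd82hsA-Lq0", "zz9%2Cnever-logged"]


def parse_line(line):
    """Split one access-log line written with that LogFormat into a dict."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def correlate(log_lines, app_session_ids):
    """Map each stored id to (match kind, matching log entries)."""
    index = {}
    for line in log_lines:
        entry = parse_line(line)
        if entry["phpsessid"] != "-":          # "-" means no cookie was sent
            index.setdefault(entry["phpsessid"], []).append(entry)
    results = {}
    for stored in app_session_ids:
        decoded = unquote(stored)              # one decode pass only
        if stored in index:
            results[stored] = ("exact", index[stored])
        elif decoded in index:
            results[stored] = ("percent-encoded", index[decoded])
        else:
            results[stored] = ("no-match", [])
    return results


if __name__ == "__main__":
    for sid, (kind, entries) in correlate(SAMPLE_LOG, APP_IDS).items():
        print(sid, kind, [e["time"] for e in entries])
```

A "percent-encoded" result means the access log holds the raw cookie value while the application stored an encoded copy, which is the situation Comment #2 and Comment #3 attribute to PHP rather than Apache.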
[Bug 57652] Contents of cookie are URL encoded using mod_log_config
%{VARNAME}C
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57652
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Eric Covener <co...@gmail.com> ---
Doesn't do that for me. It should only escape quotes and unprintables.
$ grep common built/conf/httpd.conf
LogFormat "%a %h %l %u %t \"%r\" %>s %b %f %D %{foo}C" common
CustomLog "logs/access_log" common
$ wget -qS --header="Cookie: foo=bar,baz" http://localhost/index.html -O-
HTTP/1.1 200 OK
Date: Mon, 02 Mar 2015 17:52:25 GMT
Server: Apache/2.5.0-dev (Unix) OpenSSL/1.0.1f
Last-Modified: Fri, 23 Jan 2015 17:26:26 GMT
ETag: "0-50d5516994c52"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
$ tail -1 built/logs/access_log
127.0.0.1 127.0.0.1 - - [02/Mar/2015:17:52:25 +0000] "GET /index.html HTTP/1.1" 200 - /home/covener/public_html/index.html 306 bar,baz
[Bug 57652] Contents of cookie are URL encoded using mod_log_config
%{VARNAME}C
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57652
Geoff Millikan <gm...@t1shopper.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEEDINFO |RESOLVED
--- Comment #2 from Geoff Millikan <gm...@t1shopper.com> ---
My bad. This is not an Apache bug. This is happening downstream in PHP or
MySQL. Sorry for the trouble. Confirmed everything is ok on
Apache/2.2.29 per output below. Nice debug script, thanks Eric.
$ grep PHPSESSID /etc/httpd/conf/httpd.conf
LogFormat "%h\t%l\t%u\t%t\t%r\t%>s\t%b\t%{Referer}i\t%{User-Agent}i\t%{PHPSESSID}C" combinedcookie
$ wget --server-response --no-check-certificate --header="Cookie: PHPSESSID=pOoq97tCR5N,PWnoQMlIoLitbT0" https://www.t1shopper.com/contactus/index.php
--2015-03-03 05:12:38-- https://www.t1shopper.com/contactus/index.php
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 05:12:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
Cache-Control: public
Connection: close
Content-Type: text/html
Length: unspecified [text/html]
Saving to: `index.php'
$ cat /var/log/httpd/t1shopper_access_log | grep 127.0.0.1
127.0.0.1 - - [03/Mar/2015:05:12:38 +0000] GET /contactus/index.php HTTP/1.0 200 17532 - Wget/1.11.4 Red Hat modified pOoq97tCR5N,PWnoQMlIoLitbT0