You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Adam Sussman <my...@vishnu.vidya.com> on 2002/07/16 19:18:34 UTC
[PATCH] mod_rewrite and cookie setting
The new cookie setting feature of mod_rewrite adds the Set-Cookie header
to r->headers_out. Shouldn't this be r->err_headers_out instead?
The error headers are always present whereas the the normal headers do not
appear under error conditions. In applications where I have an apache
module setting cookies, I have always found that setting err_headers_out
gives me the complete coverage that I want.
Thoughts?
-adam
Attached is a patch to set err_headers_out instead:
Index: mod_rewrite.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v
retrieving revision 1.124
diff -u -r1.124 mod_rewrite.c
--- mod_rewrite.c 10 Jul 2002 06:01:10 -0000 1.124
+++ mod_rewrite.c 16 Jul 2002 17:15:33 -0000
@@ -4162,12 +4162,7 @@
: NULL,
NULL);
-
- /*
- * XXX: should we add it to err_headers_out as well ?
- * if we do we need to be careful that only ONE gets sent out
- */
- apr_table_add(r->headers_out, "Set-Cookie", cookie);
+ apr_table_add(r->err_headers_out, "Set-Cookie", cookie);
rewritelog(r, 5, "setting cookie '%s' to '%s'", var, val);
}
}
Re: [PATCH] mod_rewrite and cookie setting
Posted by Brian Degenhardt <bm...@mp3.com>.
On Tue, Jul 16, 2002 at 12:15:41PM -0700, Adam Sussman wrote:
> On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote:
> > Adam Sussman wrote:
> > > The new cookie setting feature of mod_rewrite adds the Set-Cookie header
> > > to r->headers_out. Shouldn't this be r->err_headers_out instead?
> > >
> > > The error headers are always present whereas the the normal headers do not
> > > appear under error conditions. In applications where I have an apache
> > > module setting cookies, I have always found that setting err_headers_out
> > > gives me the complete coverage that I want.
> > >
> > > Thoughts?
> > yep.. a couple of them
> > the original patch has err_headers_out and it didn't work as we would
> > get multiple cookies back on a simple request on GET / on a standard
> > install.
> >
>
> hmm... I cannot reproduce this behaviour. So far as I can see, the only
> difference is whether or not the cookie header appears in non-200 reponses.
> Can you show me the configuration you used?
Here's an example that will trigger the same cookie being set twice
when the cookies are in err_headers_out:
RewriteRule ^(.*)$ - [CO=MYCOOKIE:$1:.apache.org]
If you used this and requested / it would get an internal redirecto to
/index.html, therefore you'd get two SetCookie headers, one for
MYCOOKIE=/ and another for MYCOOKIE=/index.html
This could be a problem for you.
However, if it's not in err_headers_out there's even a bigger problem.
mod_rewrite uses internal redirects for rewrite rules that are placed
in <Directory> and <Location> tags because the directory_walk and
location_walk phases execute after the translate_name phase.
Therefore, if you don't put the cookie in err_headers_out, it will get
set in r->main, then the internal_redirect issues and the cookie never
gets sent to the requestor.
So we're screwed either way. One way I've thought of to fix this is
to alter mod_rewrite so that it translates the name in the
map_to_storage phase for rules inside of <Directory> and <Location>
sections. I haven't tried this though. Any thoughts?
-bmd
Re: [PATCH] mod_rewrite and cookie setting
Posted by Adam Sussman <my...@vishnu.vidya.com>.
On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote:
> Adam Sussman wrote:
> > The new cookie setting feature of mod_rewrite adds the Set-Cookie header
> > to r->headers_out. Shouldn't this be r->err_headers_out instead?
> >
> > The error headers are always present whereas the the normal headers do not
> > appear under error conditions. In applications where I have an apache
> > module setting cookies, I have always found that setting err_headers_out
> > gives me the complete coverage that I want.
> >
> > Thoughts?
> yep.. a couple of them
> the original patch has err_headers_out and it didn't work as we would
> get multiple cookies back on a simple request on GET / on a standard
> install.
>
hmm... I cannot reproduce this behaviour. So far as I can see, the only
difference is whether or not the cookie header appears in non-200 reponses.
Can you show me the configuration you used?
-adam
Re: [PATCH] mod_rewrite and cookie setting
Posted by Ian Holsman <ia...@apache.org>.
Adam Sussman wrote:
> The new cookie setting feature of mod_rewrite adds the Set-Cookie header
> to r->headers_out. Shouldn't this be r->err_headers_out instead?
>
> The error headers are always present whereas the the normal headers do not
> appear under error conditions. In applications where I have an apache
> module setting cookies, I have always found that setting err_headers_out
> gives me the complete coverage that I want.
>
> Thoughts?
yep.. a couple of them
the original patch has err_headers_out and it didn't work as we would
get multiple cookies back on a simple request on GET / on a standard
install.
>
> -adam
>
> Attached is a patch to set err_headers_out instead:
>
> Index: mod_rewrite.c
> ===================================================================
> RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v
> retrieving revision 1.124
> diff -u -r1.124 mod_rewrite.c
> --- mod_rewrite.c 10 Jul 2002 06:01:10 -0000 1.124
> +++ mod_rewrite.c 16 Jul 2002 17:15:33 -0000
> @@ -4162,12 +4162,7 @@
> : NULL,
> NULL);
>
> -
> - /*
> - * XXX: should we add it to err_headers_out as well ?
> - * if we do we need to be careful that only ONE gets sent out
> - */
> - apr_table_add(r->headers_out, "Set-Cookie", cookie);
> + apr_table_add(r->err_headers_out, "Set-Cookie", cookie);
> rewritelog(r, 5, "setting cookie '%s' to '%s'", var, val);
> }
> }
>