Posted to docs@httpd.apache.org by bu...@apache.org on 2018/03/22 15:17:45 UTC
[Bug 62213] New: "Header append" description should mention that the
Set-Cookie header is an exception to the standard.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62213
Bug ID: 62213
Summary: "Header append" description should mention that the
Set-Cookie header is an exception to the standard.
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: tsteiner@nerdclub.net
Target Milestone: ---
At https://httpd.apache.org/docs/current/mod/mod_headers.html#header where the
"add" and "append" actions are described, the reader is told to not set a
header multiple times, but instead to combine multiple header values into a
comma-separated list. This is normally correct. However, RFC 6265 specifies
the following:
"An origin server can include multiple Set-Cookie header fields in a single
response."
and
"Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single
header field."
So, if the reader follows the documented advice and appends to an existing
Set-Cookie header, the results can be undesirable. For example, I had an
existing cookie's domain attribute changed to that of the cookie I was
appending. Could you please add a note that while "Header add" usually isn't
the correct choice, there's an exception for the "Set-Cookie" header?
Thanks!
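Added example, not part of the original bug report or of the httpd project: a simplified Python version of the RFC 6265 section 5.2 Set-Cookie parsing steps, run over the single comma-merged field that "Header append" produces and over the two separate fields that "Header add" produces. The cookie names, values and domains are constructed sample data.

```python
# Simplified RFC 6265 section 5.2 parsing of one Set-Cookie field value.
# All cookie names, values and domains here are constructed sample data.

def parse_set_cookie(field_value):
    """Return (name, value, attrs) or None if the field is ignored."""
    name_value, _, unparsed = field_value.partition(";")
    if "=" not in name_value:
        return None                      # no name=value pair: ignore the field
    name, _, value = name_value.partition("=")
    name, value = name.strip(), value.strip()
    if not name:
        return None
    attrs = {}
    for cookie_av in (unparsed.split(";") if unparsed else []):
        attr_name, _, attr_value = cookie_av.partition("=")
        attr_name, attr_value = attr_name.strip().lower(), attr_value.strip()
        if attr_name == "domain":
            if not attr_value:
                continue                 # empty Domain value is ignored
            if attr_value.startswith("."):
                attr_value = attr_value[1:]
            attr_value = attr_value.lower()
        # A repeated attribute overwrites the earlier one (last one wins).
        attrs[attr_name] = attr_value
    return name, value, attrs

def cookies_seen_by_client(set_cookie_fields):
    """Parse each Set-Cookie field value received; drop ignored ones."""
    return [c for c in map(parse_set_cookie, set_cookie_fields) if c]

EXISTING = "session=abc123; Domain=app.example.com; Path=/; HttpOnly"
APPENDED = "tracker=xyz; Domain=example.com; Path=/"

# "Header append": merged onto the existing field, separated by a comma.
FOLDED = [EXISTING + ", " + APPENDED]
# "Header add": a second Set-Cookie field, as RFC 6265 expects.
SEPARATE = [EXISTING, APPENDED]

if __name__ == "__main__":
    for label, fields in (("append", FOLDED), ("add", SEPARATE)):
        print(label)
        for name, value, attrs in cookies_seen_by_client(fields):
            print("  ", name, value, attrs)
```

With the folded field the parser yields a single "session" cookie whose Domain is the appended cookie's, and "HttpOnly, tracker" is read as one unknown attribute name, so the HttpOnly flag is not recognised either.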