You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by xtophr99 <xt...@gmail.com> on 2013/06/06 22:44:48 UTC

[users@httpd] Duplicate Set-Cookie: Headers coming back from server when using mod_auth_form/mod_session

Hi,

Mod_auth_form seems to be working as intended when accessing static html
pages protected by mod_auth_form, however, when I run a packet dump, I'm
seeing duplicate identical Set-Cookie: headers coming from Apache.  I'm
running Fedora 18 using the latest RPM packages (nothing compiled
separately).

httpd-2.4.4-3.fc18
mod_session-2.4.4-3.fc18 (which includes mod_auth_form).

For 200 responses, the headers are:

Date:
Server:
Set-Cookie:
authsession=............................;Max-Age=15;path=/protected
Last-Modified:
ETag:
Accept-Ranges:
Content-Length:
Cache-Control:
Set-Cookie:
authsession=............................;Max-Age=15;path=/protected
Keep-Alive:
Connection:
Content-Type:

............................ contains the username, password, expiry
information

For 304's, the header order is:
Date:
Server:
Connection:
Keep-Alive:
ETag:
Cache-Control:
Set-Cookie:
authsession=............................;Max-Age=15;path=/protected
Set-Cookie:
authsession=............................;Max-Age=15;path=/protected


Is this standard behavior, have I done something wrong perhaps, and/or is
this going to give me problems once I start needing programs to access the
cookie data?

Thanks