You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/10/19 21:00:25 UTC

DO NOT REPLY [Bug 43661] New: - Cookie Latency in CGI applications

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43661>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43661

           Summary: Cookie Latency in CGI applications
           Product: Apache httpd-2
           Version: 2.0-HEAD
          Platform: PC
               URL: http://ggbts.org
        OS/Version: FreeBSD
            Status: NEW
          Keywords: APIBug
          Severity: minor
          Priority: P5
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: herbdrake@ggbts.edu


It seems that Apache loads a CGI application, launches it, and then loads 
HTTP_COOKIE into the environment in that order. If the cookie is read 
immediately, it will often be wrong -- it will be inherited from the previous 
user of the application.

The workaround is to write the application so that it runs as much unrelated 
code as possible before it reads the cookie.

(Using gnu c++ compiler on ViaVerio VPS3 2000 virtual server product.)

To test: Write simple application that reads a cookie and returns a simple HTML 
page that displays the cookie value. Access the application from two separate 
browser instances that pass different values for the same cookie on the same or 
different machines. Run the app. from one browser. Then run the app. on the 
second browser. Note that the cookie value from the first machine shows up on 
the second machine, rather than the value actually passed.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 43661] - Cookie Latency in CGI applications

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43661>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43661


jorton@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From jorton@redhat.com  2008-02-11 05:17 -------
HTTP_COOKIE is just an environment variable containing the contents of the
Cookie request header.  How and what cookies are returned to the browsers is
entirely up to the application.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org