You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/04/23 19:43:33 UTC

DO NOT REPLY [Bug 47085] New: Cookie header set by a access checker module is ignored on NOT-MODIFIED response.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47085

           Summary: Cookie header set by a access checker module is
                    ignored on NOT-MODIFIED response.
           Product: Apache httpd-2
           Version: 2.0.63
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: kvanand@gmail.com


This was originally seen in 2.0.48 and verified in 2.0.63

In a Module set a register an access_checker and set a cookie.

Now when the document exists on the Client and We find that its up -to -date
the server correctly sends the HTTP_NOT_MODIFIED response.

However, the response doesnt contain the cookie that was sent by the module.
This occurs even if the cookie was set in the err_headers and not just
headers_out.

I am not sure if i am looking at the right cookie.

It looks like in http_protocol.c line 1742,
We explictly use only the following headers

                    "Connection",
                     "Keep-Alive",
                     "ETag",
                     "Content-Location",
                     "Expires",
                     "Cache-Control",
                     "Vary",
                     "Warning",
                     "WWW-Authenticate",
                     "Proxy-Authenticate",

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 47085] Cookie header set by a access checker module is ignored on NOT-MODIFIED response.

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47085


Ruediger Pluem <rp...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #1 from Ruediger Pluem <rp...@apache.org>  2009-04-23 12:19:18 PST ---
According to RFC2616 10.3.5 a 304 response SHOULD NOT / MUST NOT (depending on
the conditional) any other entity headers as ones you mention. Especially the
Set-Cookie SHOULD NOT / MUST NOT be contained in the response. Doing otherwise
would break RFC2616 compliance of httpd.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org