You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/07/31 12:35:36 UTC

DO NOT REPLY [Bug 44799] Allow mod_rewrite Cookie option to set secure and HttpOnly flags

https://issues.apache.org/bugzilla/show_bug.cgi?id=44799


Marc Stern <ma...@approach.be> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marc.stern@approach.be




--- Comment #12 from Marc Stern <ma...@approach.be>  2008-07-31 03:35:35 PST ---
I ignore the way cookie parts are internally stored, but are they always stored
in this order (expires:path:secure:HttpOnly) ?
Couldn't we have ...:HttpOnly:secure ?
If so, we could end up with comparing strings with the wrong cookie part.

Also, in the internal format, "secure" and "httponly" could be stored as "1" or
"true" ?
In rev 664330, both"secure" and "httponly" are compared against "1" and "true",
in rev 647395 and in the attached patch, only secure is compared against "1"
and "true".
This is quite confusing ...


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org