You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Brendan Bank <br...@gnarst.net> on 2002/01/27 00:08:28 UTC
mod_proxy/9609: problem with libproxy and Set-Cookie headers
>Number: 9609
>Category: mod_proxy
>Synopsis: problem with libproxy and Set-Cookie headers
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Sat Jan 26 15:10:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: brendan@gnarst.net
>Release: Apache/1.3.22 (Unix)
>Organization:
apache
>Environment:
FreeBSD banzai2.gnarst.net 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #2:
Apache/1.3.22 (Unix) DAV/1.0.2 mod_ssl/2.8.5 OpenSSL/0.9.6a
>Description:
If a server actis like a proxy but inserts a Cookie it will not send
the cookie back to the client. This is caulsed by the fact that not all
r->headers_out are checked before the request is send back to the client.
>How-To-Repeat:
configure a rewrite rule:
RewriteRule ^bla/(.*) https://bla.gnarst.net/bal/$1 [P]
and have the proxy (the server which hold the configuration above this line)
insert a cookie. It will not be send back to the client.
>Fix:
*** modules/proxy/proxy_http.c 2002/01/26 22:51:58 1.1
--- modules/proxy/proxy_http.c 2002/01/26 22:56:12
***************
*** 355,363 ****
--- 355,370 ----
continue;
ap_bvputs(f, reqhdrs[i].key, ": ", reqhdrs[i].val, CRLF, NULL);
}
+ if ((cookie = ap_table_get(r->headers_out, "Set-Cookie")) != NULL) {
+ ap_bvputs(f, "Set-Cookie: ", cookie, CRLF, NULL);
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, r,
+ "ap_bvputs Set-Cookie found headers_out: %s", cookie);
+ }
+
ap_bputs(CRLF, f);
+
/* send the request data, if any. */
if (ap_should_client_block(r)) {
while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0)
***************
*** 517,524 ****
--- 524,542 ----
/* send headers */
tdo.req = r;
tdo.cache = c;
ap_table_do(ap_proxy_send_hdr_line, &tdo, resp_hdrs, NULL);
+
+ if ((cookie = ap_table_get(r->err_headers_out, "Set-Cookie")) != NULL) {
+ ap_rvputs(r, "Set-Cookie: ", cookie, CRLF, NULL);
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, r,
+ "ap_rvputs Set-Cookie found err_headers_out: %s", cookie);
+ }
+ else if ((cookie = ap_table_get(r->headers_out, "Set-Cookie")) != NULL) {
+ ap_rvputs(r, "Set-Cookie: ", cookie, CRLF, NULL);
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, r,
+ "ap_rvputs Set-Cookie found headers_out: %s", cookie);
+ }
if (!r->assbackwards)
ap_rputs(CRLF, r);
if (c != NULL && c->fp != NULL && ap_bputs(CRLF, c->fp) == -1) {
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]