You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/02/05 06:54:02 UTC

[Bug 57538] New: Serving cached cookie when mod_cache is enabled

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

            Bug ID: 57538
           Summary: Serving cached cookie when mod_cache is enabled
           Product: Apache httpd-2
           Version: 2.2.29
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_cache
          Assignee: bugs@httpd.apache.org
          Reporter: mahi.babu@gmail.com

We have an application protected with Access Controls for authentication and
Single Sign-On. The Application is front ended by Apache 2.2.3 (64-bit) where
an agent is setup for access control.

We've enabled mod_cache to improve application performance and also configured
to ignore caching for Access Control cookies as they are used for Single Sign
On.  

However, apache is caching the cookies which can be seen under CacheRoot
directory. Also, while accessing an application, the Apache is flipping the
user's Access-Control Cookie (say user_1) with another Access-Control cached
cookie of another user (say user_2). 

We've set below mod_cache configuration in Apache configuration file so that
Apache should not cache Access-Control-Cookie, but it is not working

<IfModule cache_module>
    CacheRoot /opt/httpd/mod_cache
    CacheEnable disk /
   CacheStorePrivate On
    CacheIgnoreHeaders Set-Cookie Access-Control-Cookie
</IfModule>

Please let me know if this is a bug or i am missing something.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57538] Serving cached cookie when mod_cache is enabled

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

Yann Ylavic <yl...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Yann Ylavic <yl...@gmail.com> ---
httpd-2.2.3 is 8 years old now, there were many fixes/improvements applied to
mod_cache since then.

Particularly this bug was fixed in 2.2.13 (r765997) :
  *) mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders
     directive to correctly remove headers before storing them.
     [Lars Eilebrecht]

Please upgrade to a newer version (preferably the latest, 2.2.29 as for now).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57538] Serving cached cookie when mod_cache is enabled

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Eric Covener <co...@gmail.com> ---
(In reply to Mahendra from comment #4)
> Thank you very much for quick turn around. We've another Apache servers of
> 2.2.11 but 32-bit which never had this issue. Yann said that it was fixed in
> 2.2.13 but has it been fixed in 2.2.11 itself or 32-bit and 64-bit apache
> binary also makes a difference?

Bugzilla is for reporting bugs, not for support.  I won't followup here again.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57538] Serving cached cookie when mod_cache is enabled

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Eric Covener <co...@gmail.com> ---
(In reply to Mahendra from comment #2)
> Thanks for the update. If we want to upgrade to 2.4.x, which exact version
> of 2.4.x has mod_cache fixes ?

It never affected 2.4.x.  So any version.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57538] Serving cached cookie when mod_cache is enabled

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

Yann Ylavic <yl...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.2.29                      |2.2.3

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57538] Serving cached cookie when mod_cache is enabled

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

Mahendra <ma...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from Mahendra <ma...@gmail.com> ---
Thanks for the update. If we want to upgrade to 2.4.x, which exact version of
2.4.x has mod_cache fixes ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57538] Serving cached cookie when mod_cache is enabled

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57538

Mahendra <ma...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #4 from Mahendra <ma...@gmail.com> ---
Thank you very much for quick turn around. We've another Apache servers of
2.2.11 but 32-bit which never had this issue. Yann said that it was fixed in
2.2.13 but has it been fixed in 2.2.11 itself or 32-bit and 64-bit apache
binary also makes a difference?

Regards
Mahendra.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org