You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/03/21 19:04:13 UTC

DO NOT REPLY [Bug 18230] New: - RequestHeader add/append Cookie uses comma instead of semi-colon

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18230>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18230

RequestHeader add/append Cookie uses comma instead of semi-colon

           Summary: RequestHeader add/append Cookie uses comma instead of
                    semi-colon
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_headers
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: joachimm@yahoo.com


The following directive:

RequestHeader append Cookie LOGIN=user@host.com:time:hash

Adds the LOGIN=user@host.com:time:hash cookie to the request,
but it adds it using a comma as a separator instead of a semi-colon.
I've also tried "add".

I am using this with a ProxyPass directive to proxy a cookie-protected
resource. "set" works, only the JSESSIONID cookie gets overwritten, 
which breaks session handling.


When Weblogic gets the request from the proxy, it has a problem with 
the comma in the Cookie: header (from wl log):


"Got bad cookie header: in 
cookie 'JSESSIONID=27LOkjeKfPdPrH9bvjHka08ny4uBTkn0cCCJizzb1Y1iuYjUie3r!-
1118611395, LOGIN=user@host.com:1056035770:hash' 
 character ',' at position 75 is illegal "
 
This is from javax.http.servlet.HttpServletRequest.getCookies() 
(implemented by Weblogic).

The spec says that semi-colon is the separator, but that servers should
accept commas.  I am opening a bug with Weblogic, but it seems to me
that Apache HTTPD should follow the spec as close as possible.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org