You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/03/21 19:04:13 UTC
DO NOT REPLY [Bug 18230] New: -
RequestHeader add/append Cookie uses comma instead of semi-colon
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18230>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18230
RequestHeader add/append Cookie uses comma instead of semi-colon
Summary: RequestHeader add/append Cookie uses comma instead of
semi-colon
Product: Apache httpd-2.0
Version: 2.0.44
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Normal
Priority: Other
Component: mod_headers
AssignedTo: bugs@httpd.apache.org
ReportedBy: joachimm@yahoo.com
The following directive:
RequestHeader append Cookie LOGIN=user@host.com:time:hash
Adds the LOGIN=user@host.com:time:hash cookie to the request,
but it adds it using a comma as a separator instead of a semi-colon.
I've also tried "add".
I am using this with a ProxyPass directive to proxy a cookie-protected
resource. "set" works, only the JSESSIONID cookie gets overwritten,
which breaks session handling.
When Weblogic gets the request from the proxy, it has a problem with
the comma in the Cookie: header (from wl log):
"Got bad cookie header: in
cookie 'JSESSIONID=27LOkjeKfPdPrH9bvjHka08ny4uBTkn0cCCJizzb1Y1iuYjUie3r!-
1118611395, LOGIN=user@host.com:1056035770:hash'
character ',' at position 75 is illegal "
This is from javax.http.servlet.HttpServletRequest.getCookies()
(implemented by Weblogic).
The spec says that semi-colon is the separator, but that servers should
accept commas. I am opening a bug with Weblogic, but it seems to me
that Apache HTTPD should follow the spec as close as possible.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org