https://bz.apache.org/bugzilla/show_bug.cgi?id=60910
Bug ID: 60910
Summary: Do not send Set-Cookie twice
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_session_cookie
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 34874
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34874&action=edit
Do not send Set-Cookie twice
mod_session_cookie uses ap_cookie_write() with r->headers_out and
r->err_headers_out. The former causes a Set-Cookie header to be added on
successful requests, while the later causes a Set-Cookie header to always be
added.
As a result, successful requests get a duplicated Set-Cookie header and it
confuses some clients. The attached patch fixes that by using only
r->err_headers_out, which as its name does not suggests, causes Set-Cookie to
be always added, regardless of error status.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
