On Tue, Jul 16, 2002 at 12:15:41PM -0700, Adam Sussman wrote: > On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote: > > Adam Sussman wrote: > > > The new cookie setting feature of mod_rewrite adds the Set-Cookie header > > > to r->headers_out. Shouldn't this be r->err_headers_out instead? > > > > > > The error headers are always present whereas the the normal headers do not > > > appear under error conditions. In applications where I have an apache > > > module setting cookies, I have always found that setting err_headers_out > > > gives me the complete coverage that I want. > > > > > > Thoughts? > > yep.. a couple of them > > the original patch has err_headers_out and it didn't work as we would > > get multiple cookies back on a simple request on GET / on a standard > > install. > > > > hmm... I cannot reproduce this behaviour. So far as I can see, the only > difference is whether or not the cookie header appears in non-200 reponses. > Can you show me the configuration you used?
Here's an example that will trigger the same cookie being set twice when the cookies are in err_headers_out: RewriteRule ^(.*)$ - [CO=MYCOOKIE:$1:.apache.org] If you used this and requested / it would get an internal redirecto to /index.html, therefore you'd get two SetCookie headers, one for MYCOOKIE=/ and another for MYCOOKIE=/index.html This could be a problem for you. However, if it's not in err_headers_out there's even a bigger problem. mod_rewrite uses internal redirects for rewrite rules that are placed in <Directory> and <Location> tags because the directory_walk and location_walk phases execute after the translate_name phase. Therefore, if you don't put the cookie in err_headers_out, it will get set in r->main, then the internal_redirect issues and the cookie never gets sent to the requestor. So we're screwed either way. One way I've thought of to fix this is to alter mod_rewrite so that it translates the name in the map_to_storage phase for rules inside of <Directory> and <Location> sections. I haven't tried this though. Any thoughts? -bmd