Hi,
Some of our QA people discovered a problem when performing request
with a query string on a mod_cache enabled Apache 2.0.40 setup.
Request 1: /test.html?x=1&y=3
Request 2: /test.html?x=2&y=4
Performing request 1 triggers mod_cache to store the response in its
cache. When performing request 2, the data from request 1 is returned
because mod_cache only uses the URI when generating a cache key. The
patch that is attached will fix this.
According to RFC 2616 (HTTP/1.1) paragraph 13.9:
"...: since some applications have traditionally used GETs
and HEADs with query URLs (those containing a "?" in the
rel_path part) to perform operations with significant side
effects, caches MUST NOT treat responses to such URIs as
fresh unless the server provides an explicit expiration
time."
The fix does the following:
1. decline caching when there is a query string present and
no 'Expires' header is found (mod_cache.c)
2. use 'URI' + '?' + 'query string' has the hash key instead
of only the URI (cache_storage.c)
--
ir. Kris Verbeeck
Development Engineer
Ubizen - Ubicenter - Philipssite 5 - 3001 Leuven - Belgium
T: +32 16 28 70 64
F: +32 16 28 70 77
Ubizen - We Secure e-business - www.ubizen.com
--- cache_storage.c Thu Sep 12 14:05:31 2002
+++ cache_storage.c-PATCHED Thu Sep 12 14:06:18 2002
@@ -294,7 +294,7 @@
apr_status_t cache_generate_key_default( request_rec *r, apr_pool_t*p, char**key )
{
- *key = apr_pstrdup(p,r->uri);
+ *key = apr_pstrcat(p,r->uri, "?", r->args, NULL);
return APR_SUCCESS;
}
--- mod_cache.c Thu Sep 12 14:14:44 2002
+++ mod_cache.c-PATCHED Thu Sep 12 14:14:55 2002
@@ -538,6 +538,10 @@
&& r->status != HTTP_NOT_MODIFIED)
/* if a broken Expires header is present, don't cache it */
|| (exps != NULL && exp == APR_DATE_BAD)
+ /* if query string present but no expiration time, don't cache it
+ * (RFC 2616/13.9)
+ */
+ || (r->args && exps == NULL)
/* if the server said 304 Not Modified but we have no cache
* file - pass this untouched to the user agent, it's not for us.
*/
