Joe Schaefer wrote: > > Just to be sure we're on the same page- you agree here that HEAD > will erroneously produce duplicates of any "Set-Cookie" headers > in the proxy server's r->err_headers_out table. >
Sure looks like that :) It does not appear that err_headers_out is cleared in the proxy logic path so when Apache is ready to create the default response headers, the overlay will cause Cookies already in err_headers_out to be duplicated since they have been already added to headers_out after we've read the origin server response headers. So the apr_table_do(addit_dammit, save_table, r->err_headers_out, "Set-Cookie", NULL); line should be removed. -- =========================================================================== Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson