In working through this code, I realized that you may have multiple cookie headers of multiple values for the same cookie name.
Mark Thomas looked at the spec for me and determined they would be entirely permissible by RFC 6265 S4.2.2. But today we simply log one and done. I don't want to hold up 2.4 or 2.2 for such an issue, but would like to correct it in the near-term. The discussion question is; how to indicate a value list rather than a value in our logging? On Mar 7, 2014 2:57 PM, <wr...@apache.org> wrote: > Author: wrowe > Date: Fri Mar 7 20:56:24 2014 > New Revision: 1575400 > > URL: http://svn.apache.org/r1575400 > Log: > Clean up the cookie logging parser to recognize only the cookie=value > pairs, > not valueless cookies. This refactors multiple passes over the same string > buffer into a single pass parser. > > Submitted by: wrowe > Reviewed by: rpluem, jim > > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/modules/loggers/mod_log_config.c > > Modified: httpd/httpd/trunk/CHANGES > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1575400&r1=1575399&r2=1575400&view=diff > > ============================================================================== > --- httpd/httpd/trunk/CHANGES [utf-8] (original) > +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Mar 7 20:56:24 2014 > @@ -1,6 +1,10 @@ > -*- coding: > utf-8 -*- > Changes with Apache 2.5.0 > > + *) Clean up cookie logging with fewer redundant string parsing passes. > + Log only cookies with a value assignment. > + [William Rowe, Ruediger Pluem, Jim Jagielski] > + > *) mod_ssl: Do not perform SNI / Host header comparison in case of a > forward proxy request. [Ruediger Pluem] > > > Modified: httpd/httpd/trunk/modules/loggers/mod_log_config.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?rev=1575400&r1=1575399&r2=1575400&view=diff > > ============================================================================== > --- httpd/httpd/trunk/modules/loggers/mod_log_config.c (original) > +++ httpd/httpd/trunk/modules/loggers/mod_log_config.c Fri Mar 7 20:56:24 > 2014 > @@ -543,14 +543,24 @@ static const char *log_cookie(request_re > > while ((cookie = apr_strtok(cookies, ";", &last1))) { > char *name = apr_strtok(cookie, "=", &last2); > - if (name) { > - char *value = name + strlen(name) + 1; > - apr_collapse_spaces(name, name); > + /* last2 points to the next char following an '=' delim, > + or the trailing NUL char of the string */ > + char *value = last2; > + if (name && *name && value && *value) { > + char *last = value - 2; > + /* Move past leading WS */ > + name += strspn(name, " \t"); > + while (last >= name && apr_isspace(*last)) { > + *last = '\0'; > + --last; > + } > > if (!strcasecmp(name, a)) { > - char *last; > - value += strspn(value, " \t"); /* Move past leading > WS */ > - last = value + strlen(value) - 1; > + /* last1 points to the next char following the ';' > delim, > + or the trailing NUL char of the string */ > + last = last1 - (*last1 ? 2 : 1); > + /* Move past leading WS */ > + value += strspn(value, " \t"); > while (last >= value && apr_isspace(*last)) { > *last = '\0'; > --last; > @@ -559,6 +569,7 @@ static const char *log_cookie(request_re > return ap_escape_logitem(r->pool, value); > } > } > + /* Iterate the remaining tokens using apr_strtok(NULL, ...) */ > cookies = NULL; > } > } > > >
