On Tue, Jun 28, 2016 at 2:29 PM, Rainer Canavan <rainer.cana...@sevenval.com > wrote:
> > It's not just the Cookie that's logged via %{}C that gets nonsense > appended, but the cookie parser of e.g. PHP behaves the same. I think > httpd could handle this better by not merging the headers or merging > them in a way that is consistent with the syntax of the Cookie: > response header. Since the original Cookie: header sent by the client > gets corrupted by httpd, I'd even prefer dripping any additional > headers over the current behaviour. > That's not nonsense, and dropping isn't an option. You need to review https://tools.ietf.org/html/rfc7230#section-3.2.2 and stop and explain your confusion so we can assist.