On Wed, Jun 29, 2016 at 2:02 AM, Joseph Schaefer <joe_schae...@yahoo.com> wrote:
> Php's cookie parser can be more lax in treating ", " similar to "; ", that
> would be a better avenue of redress. Otherwise they can adopt libapreq2's
> cookie parsing code which has much richer support for merging cookie headers
> written to different cookie specs.
That's basically what it'll have to be, since even if this was "fixed"
in httpd, it would probably take years for this to appear in the
apache packages of any of the "enterprise" Linux distributions.
Anyway, in my opinion, the same argument regarding treating ", " like
"; " also applies to httpd (regarding %{...}c), especially since ,
isn't allowed anywhere in a cookie, but there's no point in continuing
this discussion.
rainer
