Re: [PATCH] mod_rewrite and cookie setting
On Tue, Jul 16, 2002 at 12:15:41PM -0700, Adam Sussman wrote: > On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote: > > Adam Sussman wrote: > > > The new cookie setting feature of mod_rewrite adds the Set-Cookie header > > > to r->headers_out. Shouldn't this be r->err_headers_out instead? > > > > > > The error headers are always present whereas the the normal headers do not > > > appear under error conditions. In applications where I have an apache > > > module setting cookies, I have always found that setting err_headers_out > > > gives me the complete coverage that I want. > > > > > > Thoughts? > > yep.. a couple of them > > the original patch has err_headers_out and it didn't work as we would > > get multiple cookies back on a simple request on GET / on a standard > > install. > > > > hmm... I cannot reproduce this behaviour. So far as I can see, the only > difference is whether or not the cookie header appears in non-200 reponses. > Can you show me the configuration you used? Here's an example that will trigger the same cookie being set twice when the cookies are in err_headers_out: RewriteRule ^(.*)$ - [CO=MYCOOKIE:$1:.apache.org] If you used this and requested / it would get an internal redirecto to /index.html, therefore you'd get two SetCookie headers, one for MYCOOKIE=/ and another for MYCOOKIE=/index.html This could be a problem for you. However, if it's not in err_headers_out there's even a bigger problem. mod_rewrite uses internal redirects for rewrite rules that are placed in and tags because the directory_walk and location_walk phases execute after the translate_name phase. Therefore, if you don't put the cookie in err_headers_out, it will get set in r->main, then the internal_redirect issues and the cookie never gets sent to the requestor. So we're screwed either way. One way I've thought of to fix this is to alter mod_rewrite so that it translates the name in the map_to_storage phase for rules inside of and sections. I haven't tried this though. Any thoughts? -bmd
Re: [PATCH] mod_rewrite and cookie setting
On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote: > Adam Sussman wrote: > > The new cookie setting feature of mod_rewrite adds the Set-Cookie header > > to r->headers_out. Shouldn't this be r->err_headers_out instead? > > > > The error headers are always present whereas the the normal headers do not > > appear under error conditions. In applications where I have an apache > > module setting cookies, I have always found that setting err_headers_out > > gives me the complete coverage that I want. > > > > Thoughts? > yep.. a couple of them > the original patch has err_headers_out and it didn't work as we would > get multiple cookies back on a simple request on GET / on a standard > install. > hmm... I cannot reproduce this behaviour. So far as I can see, the only difference is whether or not the cookie header appears in non-200 reponses. Can you show me the configuration you used? -adam
Re: [PATCH] mod_rewrite and cookie setting
Adam Sussman wrote: > The new cookie setting feature of mod_rewrite adds the Set-Cookie header > to r->headers_out. Shouldn't this be r->err_headers_out instead? > > The error headers are always present whereas the the normal headers do not > appear under error conditions. In applications where I have an apache > module setting cookies, I have always found that setting err_headers_out > gives me the complete coverage that I want. > > Thoughts? yep.. a couple of them the original patch has err_headers_out and it didn't work as we would get multiple cookies back on a simple request on GET / on a standard install. > > -adam > > Attached is a patch to set err_headers_out instead: > > Index: mod_rewrite.c > === > RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v > retrieving revision 1.124 > diff -u -r1.124 mod_rewrite.c > --- mod_rewrite.c 10 Jul 2002 06:01:10 - 1.124 > +++ mod_rewrite.c 16 Jul 2002 17:15:33 - > @@ -4162,12 +4162,7 @@ > : NULL, >NULL); > > - > -/* > - * XXX: should we add it to err_headers_out as well ? > - * if we do we need to be careful that only ONE gets sent out > - */ > -apr_table_add(r->headers_out, "Set-Cookie", cookie); > +apr_table_add(r->err_headers_out, "Set-Cookie", cookie); > rewritelog(r, 5, "setting cookie '%s' to '%s'", var, val); > } > } >
[PATCH] mod_rewrite and cookie setting
The new cookie setting feature of mod_rewrite adds the Set-Cookie header to r->headers_out. Shouldn't this be r->err_headers_out instead? The error headers are always present whereas the the normal headers do not appear under error conditions. In applications where I have an apache module setting cookies, I have always found that setting err_headers_out gives me the complete coverage that I want. Thoughts? -adam Attached is a patch to set err_headers_out instead: Index: mod_rewrite.c === RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v retrieving revision 1.124 diff -u -r1.124 mod_rewrite.c --- mod_rewrite.c 10 Jul 2002 06:01:10 - 1.124 +++ mod_rewrite.c 16 Jul 2002 17:15:33 - @@ -4162,12 +4162,7 @@ : NULL, NULL); - -/* - * XXX: should we add it to err_headers_out as well ? - * if we do we need to be careful that only ONE gets sent out - */ -apr_table_add(r->headers_out, "Set-Cookie", cookie); +apr_table_add(r->err_headers_out, "Set-Cookie", cookie); rewritelog(r, 5, "setting cookie '%s' to '%s'", var, val); } }