Re: [PATCH] mod_rewrite and cookie setting
On Tue, Jul 16, 2002 at 12:15:41PM -0700, Adam Sussman wrote: On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote: Adam Sussman wrote: The new cookie setting feature of mod_rewrite adds the Set-Cookie header to r-headers_out. Shouldn't this be r-err_headers_out instead? The error headers are always present whereas the the normal headers do not appear under error conditions. In applications where I have an apache module setting cookies, I have always found that setting err_headers_out gives me the complete coverage that I want. Thoughts? yep.. a couple of them the original patch has err_headers_out and it didn't work as we would get multiple cookies back on a simple request on GET / on a standard install. hmm... I cannot reproduce this behaviour. So far as I can see, the only difference is whether or not the cookie header appears in non-200 reponses. Can you show me the configuration you used? Here's an example that will trigger the same cookie being set twice when the cookies are in err_headers_out: RewriteRule ^(.*)$ - [CO=MYCOOKIE:$1:.apache.org] If you used this and requested / it would get an internal redirecto to /index.html, therefore you'd get two SetCookie headers, one for MYCOOKIE=/ and another for MYCOOKIE=/index.html This could be a problem for you. However, if it's not in err_headers_out there's even a bigger problem. mod_rewrite uses internal redirects for rewrite rules that are placed in Directory and Location tags because the directory_walk and location_walk phases execute after the translate_name phase. Therefore, if you don't put the cookie in err_headers_out, it will get set in r-main, then the internal_redirect issues and the cookie never gets sent to the requestor. So we're screwed either way. One way I've thought of to fix this is to alter mod_rewrite so that it translates the name in the map_to_storage phase for rules inside of Directory and Location sections. I haven't tried this though. Any thoughts? -bmd
[PATCH] mod_rewrite and cookie setting
The new cookie setting feature of mod_rewrite adds the Set-Cookie header to r-headers_out. Shouldn't this be r-err_headers_out instead? The error headers are always present whereas the the normal headers do not appear under error conditions. In applications where I have an apache module setting cookies, I have always found that setting err_headers_out gives me the complete coverage that I want. Thoughts? -adam Attached is a patch to set err_headers_out instead: Index: mod_rewrite.c === RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v retrieving revision 1.124 diff -u -r1.124 mod_rewrite.c --- mod_rewrite.c 10 Jul 2002 06:01:10 - 1.124 +++ mod_rewrite.c 16 Jul 2002 17:15:33 - -4162,12 +4162,7 : NULL, NULL); - -/* - * XXX: should we add it to err_headers_out as well ? - * if we do we need to be careful that only ONE gets sent out - */ -apr_table_add(r-headers_out, Set-Cookie, cookie); +apr_table_add(r-err_headers_out, Set-Cookie, cookie); rewritelog(r, 5, setting cookie '%s' to '%s', var, val); } }
Re: [PATCH] mod_rewrite and cookie setting
Adam Sussman wrote: The new cookie setting feature of mod_rewrite adds the Set-Cookie header to r-headers_out. Shouldn't this be r-err_headers_out instead? The error headers are always present whereas the the normal headers do not appear under error conditions. In applications where I have an apache module setting cookies, I have always found that setting err_headers_out gives me the complete coverage that I want. Thoughts? yep.. a couple of them the original patch has err_headers_out and it didn't work as we would get multiple cookies back on a simple request on GET / on a standard install. -adam Attached is a patch to set err_headers_out instead: Index: mod_rewrite.c === RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v retrieving revision 1.124 diff -u -r1.124 mod_rewrite.c --- mod_rewrite.c 10 Jul 2002 06:01:10 - 1.124 +++ mod_rewrite.c 16 Jul 2002 17:15:33 - -4162,12 +4162,7 : NULL, NULL); - -/* - * XXX: should we add it to err_headers_out as well ? - * if we do we need to be careful that only ONE gets sent out - */ -apr_table_add(r-headers_out, Set-Cookie, cookie); +apr_table_add(r-err_headers_out, Set-Cookie, cookie); rewritelog(r, 5, setting cookie '%s' to '%s', var, val); } }
Re: [PATCH] mod_rewrite and cookie setting
On Tue, Jul 16, 2002 at 10:26:49AM -0700, Ian Holsman wrote: Adam Sussman wrote: The new cookie setting feature of mod_rewrite adds the Set-Cookie header to r-headers_out. Shouldn't this be r-err_headers_out instead? The error headers are always present whereas the the normal headers do not appear under error conditions. In applications where I have an apache module setting cookies, I have always found that setting err_headers_out gives me the complete coverage that I want. Thoughts? yep.. a couple of them the original patch has err_headers_out and it didn't work as we would get multiple cookies back on a simple request on GET / on a standard install. hmm... I cannot reproduce this behaviour. So far as I can see, the only difference is whether or not the cookie header appears in non-200 reponses. Can you show me the configuration you used? -adam
