--On Wednesday, June 4, 2003 11:33 AM -0400 Ryan Eberhard
[EMAIL PROTECTED] wrote:
I would appreciate the compromise where this behavior could be configured,
particularly if there is a way for a module to update the behavior
programmatically, e.g. without having to edit the configuration
Attached is a patch to add a configuration directive to control whether
the server is allowed to issue Set-Cookie headers when the HTTP status
is 304 (Not Modified).
Files changed:
http-2.0/include/httpd.h -- Added allow_setcookie_on_not_modfied member
to server_rec
http-2.0/server/config.c --
Despite the quote from Roy Fielding, I stand by my claim that
Set-Cookie is a response-header and not an entity-header.
How so? The extension-header mechanism for HTTP headers
is in the entity-header section of 2616. Since cookie
headers don't appear elsewhere within the 2616 spec,
--On Wednesday, June 4, 2003 11:33 AM -0400 Ryan Eberhard
[EMAIL PROTECTED] wrote:
I would appreciate the compromise where this behavior could be configured,
particularly if there is a way for a module to update the behavior
programmatically, e.g. without having to edit the configuration file.
All,
I've reopened bug 18388 with the comments below.
I'd love to have a discussion about Set-Cookie's proper definition --
I believe it is a response-header (and thus allowed under a 304) rather than
an entity-header. Given that, the proper algorithm would be to filter out
All,
I apologize that I didn't see the discussion that had occurred on this topic
already... I had previously gone through the archives, but neglected to
before sending the previous mail.
Despite the quote from Roy Fielding, I stand by my claim that Set-Cookie
is a response-header and not an
Ryan Eberhard wrote:
Despite the quote from Roy Fielding, I stand by my claim that Set-Cookie
is a response-header and not an entity-header.
I would say a cookie is an entity header, in that in its typical use,
the cookie value is bound somehow to the page that comes along with it.
For
Ryan Eberhard [EMAIL PROTECTED] writes:
[...]
Despite the quote from Roy Fielding, I stand by my claim that
Set-Cookie is a response-header and not an entity-header.
How so? The extension-header mechanism for HTTP headers
is in the entity-header section of 2616. Since cookie
headers don't
Since there seems to be some disagreement on this, and the RFC doesn't
really specify which it is but instead makes a point of leaving it open
for discussion, and there are many other popular servers out there that
behave differently than apache and therefore some people may come to
expect (nay