Re: mod_rewrite cookies

On 07/19/2008 06:08 PM, Nick Kew wrote: Reviewing the backport proposal in STATUS, it amounts to http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=6394 \ 65r2=664330pathrev=664330 It still seems to be at risk of generating a malformed cookie, if secure is

mod_rewrite cookies

Reviewing the backport proposal in STATUS, it amounts to http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=639465r2=664330pathrev=664330 It still seems to be at risk of generating a malformed cookie, if secure is unset (NULL) but httponly is set. Shouldn't it guard

Re: mod_rewrite cookies

On 07/19/2008 06:08 PM, Nick Kew wrote: Reviewing the backport proposal in STATUS, it amounts to http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=639465r2=664330pathrev=664330 It still seems to be at risk of generating a malformed cookie, if secure is unset