The new cookie setting feature of mod_rewrite adds the Set-Cookie header to r->headers_out. Shouldn't this be r->err_headers_out instead?
The error headers are always present whereas the the normal headers do not appear under error conditions. In applications where I have an apache module setting cookies, I have always found that setting err_headers_out gives me the complete coverage that I want. Thoughts? -adam Attached is a patch to set err_headers_out instead: Index: mod_rewrite.c =================================================================== RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v retrieving revision 1.124 diff -u -r1.124 mod_rewrite.c --- mod_rewrite.c 10 Jul 2002 06:01:10 -0000 1.124 +++ mod_rewrite.c 16 Jul 2002 17:15:33 -0000 @@ -4162,12 +4162,7 @@ : NULL, NULL); - - /* - * XXX: should we add it to err_headers_out as well ? - * if we do we need to be careful that only ONE gets sent out - */ - apr_table_add(r->headers_out, "Set-Cookie", cookie); + apr_table_add(r->err_headers_out, "Set-Cookie", cookie); rewritelog(r, 5, "setting cookie '%s' to '%s'", var, val); } }