>Number: 3567 >Category: mod_cgi >Synopsis: CGI Bin scripts can't override the Date header. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sun Dec 20 23:40:01 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.3 >Environment: OSF1 batch2.csd.uwm.edu V4.0 878 alpha Server version: Apache/1.3.3 (Unix) Server built: Dec 15 1998 15:15:40 >Description: I am running a CGI Bin script to process some files and serve them as html files. The CGI Bin script is set up using an action command in a .htaccess file. I am setting Last-Modified headers because I want to the data cached. Last-Modified headers are not supposed to have a time in advance of the Date header. So I tried to create a Date header as well using the current time and then checked to make sure the Last-Modified header was not in the future. However when I looked at the returned date headers, they were not matching the date obtained by my CGI Bin script. In fact they appear to use a time from before the CGI Bin script was run. I noticed this because I had set a Expires header one year in advance and noticed a discrepency in the seconds part of the date and time. I would expect that letting the CGI Bin script override the Date header that the server supplies would be the best answer. If the date header was obtained after the the script ran than at least the test versus the Last-Modified header would work without making guesses about how much delay there can be in running the script. Another alternative would be to pass the date that is going to be used in the date header to the CGI Bin script. (I looked to see if this was done and couldn't find any date information in the environment or standard input.) >How-To-Repeat: Set up an action to run a cgibin script. Have the script obtain the current date and write a date header and the same header with some other name. Then telnet to the web server and issue a HEAD request with a URI that will trigger the action. The returned date header will be less than or equal to the date and time on the test header. At our site I typically saw a 1 second difference, though on at least one occasion there was a 13 second difference. >Fix: Let the Date header returned by the CGI Bin script for the action replace the server generated Date header. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
