>Number:         3872
>Category:       general
>Synopsis:       util_script.c doubles up Set-Cookie headers from r->err_headers_out
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Feb 10 11:30:01 PST 1999
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.3.3
>Environment:
SunOS wdev 5.5.1 Generic_103640-14 sun4u sparc SUNW,Ultra-1
gcc version 2.8.1
>Description:
I've got an authentication module that sets an encrypted cookie on a
successful authentication, and sets it in the r->err_headers_out table so
that it'll survive subrequests. When the target URL is a cgi script, that
cookie ends up sent to the user twice because it gets duplicated in the
util_script.c ap_scan_script_header_err_core() function.
>How-To-Repeat:
>Fix:
I commented out line 457 of the 1.3.3 util_script.c,

    ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out,
                "Set-Cookie", NULL);

because it doesn't look like you'd want to preload the temp cookie_table
with those set-cookie headers unless you were also going to remove them
from err_headers_out, since the entire cookie_table gets appended to
err_headers_out later.
>Audit-Trail:
>Unformatted:
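
The duplication described in this report, reproduced as an added stand-alone model (not Apache's code and not part of the original report). The `hdr_table` type, the helper and flag names, and both cookie values are hypothetical; the model assumes only the sequence the report states: preload the temporary table from err_headers_out, collect the script's cookies, then append the whole temporary table back.

```c
#include <stdio.h>
#include <string.h>

/* Minimal multi-valued header table; a stand-in, not Apache's table API. */
#define MAX_HDRS 16
typedef struct { const char *key[MAX_HDRS], *val[MAX_HDRS]; int n; } hdr_table;

static void add(hdr_table *t, const char *k, const char *v) {
    if (t->n < MAX_HDRS) { t->key[t->n] = k; t->val[t->n] = v; t->n++; }
}
/* Count entries named k; if v is non-NULL, only those with value v. */
static int count(const hdr_table *t, const char *k, const char *v) {
    int i, c = 0;
    for (i = 0; i < t->n; i++)
        if (!strcmp(t->key[i], k) && (!v || !strcmp(t->val[i], v))) c++;
    return c;
}
static void unset(hdr_table *t, const char *k) {
    int i, j = 0;
    for (i = 0; i < t->n; i++)
        if (strcmp(t->key[i], k)) { t->key[j] = t->key[i]; t->val[j] = t->val[i]; j++; }
    t->n = j;
}

enum { PRELOAD = 1, UNSET_FIRST = 2 };   /* hypothetical switches for this model */

/* Returns the number of copies of the auth cookie left in err_headers_out
 * and stores the total number of Set-Cookie headers in *total. */
int scan_script_cookies(int flags, int *total) {
    const char *auth = "auth=ENCRYPTED";              /* constructed sample value */
    hdr_table err_out = {0}, cookies = {0};
    int i;
    add(&err_out, "Set-Cookie", auth);                /* set by the auth module */
    if (flags & PRELOAD)                              /* the preload the report removes */
        for (i = 0; i < err_out.n; i++)
            if (!strcmp(err_out.key[i], "Set-Cookie"))
                add(&cookies, err_out.key[i], err_out.val[i]);
    add(&cookies, "Set-Cookie", "session=FROM_CGI");  /* constructed: cookie from the CGI */
    if (flags & UNSET_FIRST)                          /* remove originals before appending */
        unset(&err_out, "Set-Cookie");
    for (i = 0; i < cookies.n; i++)                   /* whole temp table appended back */
        add(&err_out, cookies.key[i], cookies.val[i]);
    *total = count(&err_out, "Set-Cookie", NULL);
    return count(&err_out, "Set-Cookie", auth);
}

int main(void) {
    int total, copies = scan_script_cookies(PRELOAD, &total);
    printf("as reported: %d auth copies, %d Set-Cookie headers\n", copies, total);
    return 0;
}
```

Calling it with `0` models the commented-out preload, and `PRELOAD | UNSET_FIRST` models keeping the preload while removing the originals from err_headers_out first; both leave a single copy of the auth cookie.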