Hiya

On Fri, 2010-11-12 at 11:59 -0800, Mark Hedges wrote:
>
> > > On 08/11/2010 15:28, Issac Goldstand wrote:
> > > > On 08/11/2010 15:25, Clinton Gormley wrote:
> > > >>>> I see a patch in Debian which does this:
> > >http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg543361.html
>
> Sorry if I don't understand what's going on, but is this a
> bug that causes the cookie header to have only the value '1'
> instead of proper headers?

No, this isn't a bug - it's a feature of cookies that is not supported in
the current version of libapreq - the addition of the 'http' flag to
generated cookies:

http://en.wikipedia.org/wiki/HttpOnly#Cookie_theft

>
> https://rt.cpan.org/Public/Bug/Display.html?id=61744
>
> Since there's some activity/interest in a new release, maybe
> someone can offer their opinion whether the suggested fix in
> the bug report above is a good idea, or whether this is
> something that needs to be fixed in Apache2::Cookie. I
> haven't been able to duplicate it-- maybe because I use
> Debian?

I had a read of your bug and the conversation it links to.

This isn't a bug in libapreq or Apache2::Cookie - some process somewhere
(and it could be from an advert on the user's site) is setting an invalid
cookie, which then gets passed back to apache. Apache2::Cookie tries to
parse it, and chokes on it, throwing an error.

However, you can change how you use Apache2::Cookie to ignore the error
and just retrieve valid cookies as discussed in the conversation linked
to in that bug report:

http://comments.gmane.org/gmane.comp.apache.apreq/4477

clint