DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11475>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11475 usertrack can read Cookie2 header but spec says it doesn't contain cookies Summary: usertrack can read Cookie2 header but spec says it doesn't contain cookies Product: Apache httpd-2.0 Version: 2.0.39 Platform: All URL: ftp://ftp.isi.edu/in-notes/rfc2965.txt OS/Version: All Status: NEW Severity: Minor Priority: Other Component: mod_usertrack AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] If the CookieStyle configuration directive is set to Cookie2 or RFC2965, then mod_usertrack sets dcfg->style = CT_COOKIE2. In turn, the spot_cookie() function will then parse the Cookie2: request header, looking for the Apache cookie: cookie = apr_table_get(r->headers_in, (dcfg->style == CT_COOKIE2 ? "Cookie2" : "Cookie")) However, reading the RFC 2965 specification, specifically section 3.3.5, it appears to me that the Cookie2: header is only used to indicate the highest version of the cookie specification that the client understands. Per 3.3.4, the actual cookie values are still sent in the Cookie: header. (See also 9.1 and the examples under 4.1 and 4.2.) As a further note, it seems to me -- I could be reading the spec or code incorrectly, of course -- that the cookie parsing code in spot_cookie() may not really work with RFCs 2109 or 2965, because it doesn't accept commas as cookie delimiters, nor the whitespace or double-quote (") quoted-strings allowed by those RFCs. See 10.1.3 in RFC 2109, as well as 4.1 and 4.3.4 in RFC 2109, and 3.1 and 3.3.4 in RFC 2965. My apologies if I've misread something! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
