DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28391>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28391 CO (cookie) flag does not support session-based expiration with path specified Summary: CO (cookie) flag does not support session-based expiration with path specified Product: Apache httpd-2.0 Version: 2.0.49 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: mod_rewrite AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] The cookie flag with mod_rewrite does not allow you to expire a cookie when the browser closes if you also need to specify a path. For example: RewriteRule (.*) - [CO=MyCookie:value::/somepath] Actually results in /somepath being copied into the variable expires in mod_rewrite.c:addcookie() and path being set to NULL. This results in expires being set to 0, a cookie being generated for the current time/date, and the path being set to NULL, which seems like a bug. likewise, the following line will result in a cookie being set that expires immediately: RewriteRule (.*) - [CO=MyCookie:value:0:/somepath] I've written a patch that allows 0 or "::" to indicate that the cookie is valid for the current session. The only time I can imagine that a user would want to set a cookie to "now+0" is if he is trying to expire an existing cookie, and in that case "now+(-1)" will work much better, and I believe this is supported by specifying -1 in the CO flag field for the expire time. Basically, I needed to set a cookie that is for a particular path and is good only while the browser is open. So my patch checks for the improper tokenization of the path into the expires field and moves the path into the proper variable and reassigns expires to NULL. If determines this by testing to see if expires != NULL, atol(expires)==0, path==NULL and !apr_isdigit(*expires). The only case this logic could fail is if the path is specified as a number as the first digit, but a cookie path must begin with a / to be well formed. See the patch which I will attach. This is against 2.0.49. I hope that this can be included in a future revision, or the concept of the patch can be accomplished. Thanks, Byron Guernsey GE Consumer & Industrial Products --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
