DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=44322>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=44322 Summary: mod_proxy ProxyPassReverseCookieDomain with no domain set in cookie cannot set a domain Product: Apache httpd-2 Version: 2.2.6 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] On a reverse proxy we want to force cookie domain: -------------------------------------------------- ProxyPass / http://www1.foo.com/bar/ ProxyPassReverse / http://www1.foo.com/bar/ ProxyPassReverseCookieDomain www1.foo.com .foo.com ---------------------------------------------------- It works, ProxyPassReverseCookieDomain permits us to rewrite the cookie as a 'domain valid' cookie for -bad- applications that cannot do it on their own. But When such applications aren't setting any domain information on the cookie we cannot enforce the cookie domain. This cookie domain is empty and so browsers interpret it as the host name (here the proxy public name). Bad. lets say we should be able to write: ProxyPassReverseCookieDomain "" ".foo.com" or ProxyPassReverseCookieDomain NULL .foo.com It's not possible Workaround: Actually we handle this situation by injection Cookie Domain in Cookie path rewriting that way: ProxyPassReverseCookiePath / "/; Domain=.foo.com" And it works, but that's piggy. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
