https://issues.apache.org/bugzilla/show_bug.cgi?id=56014
Bug ID: 56014
Summary: MOd rewrite CO Cookie method the lifetime flag not
working as expected
Product: Apache httpd-2
Version: 2.2.24
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_rewrite
Assignee: [email protected]
Reporter: [email protected]
HI,
We are using the Apache 2.2.24 on Red Hat Linux.
In Mod rewrite rules, we have observed below error behavior with respect to
cookie session flag.
The documentation mentions that when you specify the lifetime of ‘0’ or the
default value should be 0 , session cookie should persist only for the
current browser session. I have tested this and this is not true (session is
expired immediately).
Code used :
CO=cookie1:true:.abcxyz.com:0:/:1:1
Result: Session expires immediately == BUG
CO=cookie1:true:.abcxyz.com::/:1:1
Result: Session expires immediately == BUG
CO=cookie:true:.abcxyz.com
Result: Works default setting is session cookie. But this cookie is not secure
and HTTP only.
We have to set cookie which is persist only for the current browser session and
secure and HTTP only with path.
Please let us know if any solutions available for this.
DO let me know if you need any other information.
Thanks and Regards,
Srinivas M, CISSP.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
