https://issues.apache.org/bugzilla/show_bug.cgi?id=57538
Bug ID: 57538
Summary: Serving cached cookie when mod_cache is enabled
Product: Apache httpd-2
Version: 2.2.29
Hardware: PC
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: mod_cache
Assignee: [email protected]
Reporter: [email protected]
We have an application protected with Access Controls for authentication and
Single Sign-On. The Application is front ended by Apache 2.2.3 (64-bit) where
an agent is setup for access control.
We've enabled mod_cache to improve application performance and also configured
to ignore caching for Access Control cookies as they are used for Single Sign
On.
However, apache is caching the cookies which can be seen under CacheRoot
directory. Also, while accessing an application, the Apache is flipping the
user's Access-Control Cookie (say user_1) with another Access-Control cached
cookie of another user (say user_2).
We've set below mod_cache configuration in Apache configuration file so that
Apache should not cache Access-Control-Cookie, but it is not working
<IfModule cache_module>
CacheRoot /opt/httpd/mod_cache
CacheEnable disk /
CacheStorePrivate On
CacheIgnoreHeaders Set-Cookie Access-Control-Cookie
</IfModule>
Please let me know if this is a bug or i am missing something.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
