https://bz.apache.org/bugzilla/show_bug.cgi?id=63434

--- Comment #3 from Yann Ylavic <[email protected]> ---
So, since comma in a header is equivalent to multiple headers, do you propose
that httpd rejects (with status 4xx) any request with either multiple Cookie
headers or a single one containing comma(s)?

Because turning multiple Cookie headers into a single one with semicolon(s) is
not the same HTTP request (while the comma preserves semantics), the only
possible action would be to reject.

Also, it seems to me that Cookie is an application thingy, not an HTTP one, so
why would httpd reject it if the HTTP header is valid?
With comma-separated cookies, the application can detect and reject, not if
httpd changes the semantics.

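The distinction drawn in comment #3, as an added example that is not part of the comment or of httpd's code: a strict application-side parser for the RFC 6265 cookie-string grammar rejects a comma-folded Cookie value, but cannot tell a semicolon-joined value from a single legitimate header. All function names and the sample values are hypothetical and constructed for illustration.

```python
import re

# RFC 6265 section 4.1.1: cookie-name is a token; cookie-octet excludes
# CTLs, space, DQUOTE, comma, semicolon and backslash.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_OCTETS = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"
_PAIR = re.compile(rf'({_TOKEN})=("{_OCTETS}"|{_OCTETS})')


class InvalidCookieHeader(ValueError):
    """Cookie field value that is not a single RFC 6265 cookie-string."""


def fold_with_comma(values):
    # Generic folding of repeated header lines (RFC 7230 section 3.2.2):
    # the comma survives, so the duplication stays visible downstream.
    return ", ".join(values)


def fold_with_semicolon(values):
    # The rewrite the comment argues against: the result reads as one header.
    return "; ".join(values)


def parse_cookie_header(value):
    """Strictly parse one Cookie field value; raise on anything else."""
    cookies = {}
    for pair in value.split("; "):
        m = _PAIR.fullmatch(pair)
        if m is None:
            raise InvalidCookieHeader(f"invalid cookie-pair: {pair!r}")
        cookies[m.group(1)] = m.group(2)
    return cookies


def app_accepts(value):
    # What the application sees: accept only a well-formed cookie-string.
    try:
        parse_cookie_header(value)
        return True
    except InvalidCookieHeader:
        return False


# Constructed sample: two Cookie header lines arriving in one request.
SAMPLE = ["session=abc123", "theme=dark"]
```

With SAMPLE, the comma-folded value fails validation, while the semicolon-joined value parses to the same dictionary as a genuine single header would.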