[Bug 68473] New: mod_session_dbd causes duplicate set-cookie headers to be sent

Fri, 12 Jan 2024 14:14:01 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=68473

            Bug ID: 68473
           Summary: mod_session_dbd causes duplicate set-cookie headers to
                    be sent
           Product: Apache httpd-2
           Version: 2.4.57
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_session_dbd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

It would seem mod_session_dbd causes duplicate set-cookie headers, this has
been an issue for many years (10+) with reports going unresolved

I am re-reporting this issue in hopes it gains some traction

Here is a complete, basic configuration to reproduce the issue


ServerRoot "C:/Apache24"
Listen 80

LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule session_module modules/mod_session.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule dir_module modules/mod_dir.so

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DBDriver odbc
DBDParams "odbc_connection_string"
DBDKeep     10
DBDMax      10
DBDMin      3

DBDPrepareSQL "select value from sessions where token = %s and (expiry = 0 or
expiry > %lld)" selectsession 
DBDPrepareSQL "delete from sessions where token = %s" deletesession 
DBDPrepareSQL "insert into sessions (value, expiry, token) values (%s, %lld,
%s)" insertsession 
DBDPrepareSQL "update sessions set value = %s, expiry =  %lld, token = %s where
token = %s" updatesession 
DBDPrepareSQL "delete from sessions where expiry != 0 and expiry < %lld"
cleansession

DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
    Require all granted
    Session On
    SessionDBDCookieName test path=/
    SessionMaxAge 604800
    SessionEnv on
    SessionHeader X-Replace-Session
</Directory>


<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to