Thanks. You are right, the only "cosign" cookie somehow disappears from headers.
Log from Live Headers is in the attachment, and here is the Apache log after patching:

cosign.cgi: HTTP_COOKIE header: exposedFactors=,friend
cosign.cgi: HTTP_COOKIE header: exposedFactors=,friend
cosign.cgi: HTTP_COOKIE header: exposedFactors=,friend
[Wed Jun 16 17:46:40 2010] [error] [client 172.16.8.55] (104)Connection reset by peer: ap_content_length_filter: apr_bucket_read() failed, referer: http://weblogin.auditory.ru/cosign-bin/cosign.cgi

I can send a different cookie with the Firebug add-on, and then it can be found in the logs. And it can be much longer than 141 b (cosign cookie size).
So where should I search now?

http://weblogin.auditory.ru/cosign-bin/cosign.cgi

GET /cosign-bin/cosign.cgi HTTP/1.1
Host: weblogin.auditory.ru
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: exposedFactors=,friend

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Wed, 16 Jun 2010 13:46:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Mon, 16 Apr 1973 13:10:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Set-Cookie: cosign=bZiYZu9MLw+-pUBnFVEcjsiRXHYiZLi-KtnxzC1vcrpYBpB+XbyUsoGLLzThCYdxDnkgSx22gMRPl5UPXrjsq1A+lsErmLrWOG22Y4DmfEdwL4eEVN-2kCdX48uE/1276695996; path=/; secure
Last-Modified: Mon, 16 Apr 1973 13:10:00 GMT
----------------------------------------------------------
http://weblogin.auditory.ru/cosign-bin/cosign.cgi

POST /cosign-bin/cosign.cgi HTTP/1.1
Host: weblogin.auditory.ru
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://weblogin.auditory.ru/cosign-bin/cosign.cgi
Cookie: exposedFactors=,friend
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
required=&ref=&service=&login=test&password=test&passcode=&doLogin=Log+In

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Wed, 16 Jun 2010 13:46:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
----------------------------------------------------------
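
In the capture above the login page is requested over http:// while the Set-Cookie for cosign carries the secure attribute, and a browser does not return a Secure cookie on a plain-HTTP request. The check below is an added example, not part of the original message or of the cosign code: it parses a Live HTTP Headers style capture and reports such cookies. The function names and the sample capture (host weblogin.example.org, placeholder cookie value) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in Live HTTP Headers layout, modelled on the capture
# above; the host and the cookie value are placeholders.
SAMPLE = """\
http://weblogin.example.org/cosign-bin/cosign.cgi

GET /cosign-bin/cosign.cgi HTTP/1.1
Cookie: exposedFactors=,friend

HTTP/1.1 200 OK
Set-Cookie: cosign=PLACEHOLDER/1276695996; path=/; secure
----------------------------------------------------------
http://weblogin.example.org/cosign-bin/cosign.cgi

POST /cosign-bin/cosign.cgi HTTP/1.1
Cookie: exposedFactors=,friend

HTTP/1.1 200 OK
----------------------------------------------------------
"""

def parse_capture(text):
    """Yield (url, cookie names sent, [(name, attribute set)]) per transaction."""
    for block in re.split(r"^-{10,}\s*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        sent, set_cookies = set(), []
        for line in lines[1:]:            # lines[0] is the URL line
            key, _, value = line.partition(":")
            if key.lower() == "cookie":
                sent |= {p.split("=", 1)[0].strip() for p in value.split(";")}
            elif key.lower() == "set-cookie":
                pair, *attrs = [p.strip() for p in value.split(";")]
                set_cookies.append((pair.split("=", 1)[0],
                                    {a.split("=", 1)[0].lower() for a in attrs}))
        yield lines[0], sent, set_cookies

def dropped_secure_cookies(text):
    """Secure cookies that are absent from a later http:// request to the same host."""
    pending, findings = {}, []
    for url, sent, set_cookies in parse_capture(text):
        parts = urlsplit(url)
        if parts.scheme == "http":        # Secure cookies are withheld here
            for name in sorted(pending.get(parts.hostname, set()) - sent):
                findings.append((name, url))
        for name, attrs in set_cookies:
            if "secure" in attrs:
                pending.setdefault(parts.hostname, set()).add(name)
    return findings
```
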
