Once apreq's fate is decided, I'll try to submit a patch for
these to work with apreq_cookie. In the meantime, you may want
to incorporated these- the current cookie "parsing" code looks
a bit unsafe to me. Also, RFC 2965's "Cookie2" header is used for
sending $Version info, not cookie data.
--- mod_usertrack.c.old Fri Aug 16 19:16:23 2002
+++ mod_usertrack.c Thu Aug 29 16:38:23 2002
@@ -204,11 +204,9 @@
return DECLINED;
}
- if ((cookie = apr_table_get(r->headers_in,
- (dcfg->style == CT_COOKIE2
- ? "Cookie2"
- : "Cookie"))))
- if ((value = ap_strstr_c(cookie, dcfg->cookie_name))) {
+ if ((cookie = apr_table_get(r->headers_in, "Cookie")))
+ if ((value = ap_strstr_c(cookie, dcfg->cookie_name)) &&
+ value[strlen(dcfg->cookie_name)] == '=') {
char *cookiebuf, *cookieend;
value += strlen(dcfg->cookie_name) + 1; /* Skip over the '=' */
--- mod_log_config.c.old Thu Aug 29 16:45:04 2002
+++ mod_log_config.c Thu Aug 29 16:47:21 2002
@@ -457,7 +457,8 @@
const char *start_cookie;
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
- if ((start_cookie = ap_strstr_c(cookies,a))) {
+ if ((start_cookie = ap_strstr_c(cookies,a)) &&
+ start_cookie[strlen(a)] == '=') {
char *cookie, *end_cookie;
start_cookie += strlen(a) + 1; /* cookie_name + '=' */
cookie = apr_pstrdup(r->pool, start_cookie);
