Once apreq's fate is decided, I'll try to submit a patch for these to work with apreq_cookie. In the meantime, you may want to incorporated these- the current cookie "parsing" code looks a bit unsafe to me. Also, RFC 2965's "Cookie2" header is used for sending $Version info, not cookie data.
--- mod_usertrack.c.old Fri Aug 16 19:16:23 2002 +++ mod_usertrack.c Thu Aug 29 16:38:23 2002 @@ -204,11 +204,9 @@ return DECLINED; } - if ((cookie = apr_table_get(r->headers_in, - (dcfg->style == CT_COOKIE2 - ? "Cookie2" - : "Cookie")))) - if ((value = ap_strstr_c(cookie, dcfg->cookie_name))) { + if ((cookie = apr_table_get(r->headers_in, "Cookie"))) + if ((value = ap_strstr_c(cookie, dcfg->cookie_name)) && + value[strlen(dcfg->cookie_name)] == '=') { char *cookiebuf, *cookieend; value += strlen(dcfg->cookie_name) + 1; /* Skip over the '=' */ --- mod_log_config.c.old Thu Aug 29 16:45:04 2002 +++ mod_log_config.c Thu Aug 29 16:47:21 2002 @@ -457,7 +457,8 @@ const char *start_cookie; if ((cookies = apr_table_get(r->headers_in, "Cookie"))) { - if ((start_cookie = ap_strstr_c(cookies,a))) { + if ((start_cookie = ap_strstr_c(cookies,a)) && + start_cookie[strlen(a)] == '=') { char *cookie, *end_cookie; start_cookie += strlen(a) + 1; /* cookie_name + '=' */ cookie = apr_pstrdup(r->pool, start_cookie);