Nick Kew wrote:
> 
> 
> I recently patched bug 10722.  My patch was against 2.0.49, for a Client
> who needed it in a hurry.
> 
> I'm just porting it to 2.1-HEAD.  In doing so, I find there's an existing
> patch that saves and restores cookies without rewriting the Domain and
> Path components.  AFAICS my patch would/should supersede that one.
> But I'm reluctant to do so without understanding the purpose of the
> other patch.
> 
> The other patch is at
> http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/proxy/proxy_http.c?r1=1.184&r2=1.185
> 
> It appears just to merge Set-Cookie headers in r->err_headers_out with
> those in r->headers_out.  The latter have just come from the backend
> (the server proxied).  But how/why should there be (any) cookies in
> r->err_headers_out at this point?  Presumably they'd be from the proxy
> rather than the backend?  And why merge them into a normal 2xx response?
> 

This is so Cookies added my the local proxy server (Apache) via
internal custom modules do not loose those cookies when used also
as a proxy. If a module has added Cookie information we should
honor that and maintain it as is. Roy and I talked about
this and both agreed that it made sense hence the patch.

In this case, it should NOT rewrite the domain/path info, since
that would destroy the utility of that cookie, since it is
a cookie generated by, and used by, the proxy server and not
the origin server. Rewriting would make that bogus.

-- 
===========================================================================
   Jim Jagielski   [|]   [EMAIL PROTECTED]   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

Reply via email to