Nick Kew wrote: > > > I recently patched bug 10722. My patch was against 2.0.49, for a Client > who needed it in a hurry. > > I'm just porting it to 2.1-HEAD. In doing so, I find there's an existing > patch that saves and restores cookies without rewriting the Domain and > Path components. AFAICS my patch would/should supersede that one. > But I'm reluctant to do so without understanding the purpose of the > other patch. > > The other patch is at > http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/proxy/proxy_http.c?r1=1.184&r2=1.185 > > It appears just to merge Set-Cookie headers in r->err_headers_out with > those in r->headers_out. The latter have just come from the backend > (the server proxied). But how/why should there be (any) cookies in > r->err_headers_out at this point? Presumably they'd be from the proxy > rather than the backend? And why merge them into a normal 2xx response? >
This is so Cookies added my the local proxy server (Apache) via internal custom modules do not loose those cookies when used also as a proxy. If a module has added Cookie information we should honor that and maintain it as is. Roy and I talked about this and both agreed that it made sense hence the patch. In this case, it should NOT rewrite the domain/path info, since that would destroy the utility of that cookie, since it is a cookie generated by, and used by, the proxy server and not the origin server. Rewriting would make that bogus. -- =========================================================================== Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson