Hi all,
Currently, Apache::AuthCookie uses:
$r->err_header_out("Set-Cookie" => ...
to set its cookie.
However, if you're authentication or authorization routines also sets
a cookie, then it will get overwritten by the above code.
Below is a proposed patch to AuthCookie.pm that I believe solves this
problem. Basically, I replaced each occurrence of the above with:
$r->err_headers_out->add("Set-Cookie" => ...
This assumes that you have Apache::Table compiled in.
The corresponding code to read in the cookies (using err_header_in) is
not a problem since it seems that browsers return all cookies destined
for a particular domain/path in a single ";" delimited HTTP header
field.
Thanks!
Rob
PS. Who's the current maintainer of Apache::AuthCookie? I seem to
remember reading somehwere that it is no longer Eric Bartley.
------------------------------------------------------------------------------
diff AuthCookie.pm*
112c112
< $r->err_headers_out->add("Set-Cookie" => $auth_type . "_" .
---
> $r->err_header_out("Set-Cookie" => $auth_type . "_" .
114c114
< $r->log_error("set_cookie " . $r->err_headers_out->add("Set-Cookie"))
---
> $r->log_error("set_cookie " . $r->err_header_out("Set-Cookie"))
142c142
< $r->err_headers_out->add("Set-Cookie" => $auth_type . "_" . $auth_name .
---
> $r->err_header_out("Set-Cookie" => $auth_type . "_" . $auth_name .
145c145
< $r->log_error("set_cookie " . $r->err_headers_out->add("Set-Cookie"))
---
> $r->log_error("set_cookie " . $r->err_header_out("Set-Cookie"))
------------------------------------------------------------------------------