Hi everybody, I noticed that several bugs have been reporting duplicate Set-Cookie headers in responses when using mod_session_cookie:
https://bz.apache.org/bugzilla/show_bug.cgi?id=56098 https://bz.apache.org/bugzilla/show_bug.cgi?id=55278 https://bz.apache.org/bugzilla/show_bug.cgi?id=60910 And possibly others.. The last one contains a simple patch that avoids mod-session_cookie to set the header in both r->headers_out and r->err_headers_out, that IIUC from their semantics should not be used together for the same header. I tried the patch and it seems working, but I am not sure if there are drawbacks in committing it. From what I can see leaving only the header in err_headers_out should not break any existing use case and fix the duplication. Thoughts? Thanks in advance, Luca
