Re: Wherefor 2.4.36?
Actually, I'm glad you asked. I committed after 2.4.35 to T&R 2.4.36 soon after. I'm happy to do that ASAP if there are no objections. What say you, fellow devs? How about next week? -- Daniel Ruggeri On October 6, 2018 7:53:58 PM CDT, Michael-Fever wrote: > >Aww, all I care about is getting 2.4.36 going so I can say I have TLS >1.3 >supported with my h2. LOL, no but seriously, is 2.4.36 stable enough >to be >using? > > > >-- >Sent from: >http://apache-http-server.18135.x6.nabble.com/Apache-HTTP-Server-Dev-f4771363.html
Re: Wherefor 2.4.36?
Aww, all I care about is getting 2.4.36 going so I can say I have TLS 1.3 supported with my h2. LOL, no but seriously, is 2.4.36 stable enough to be using? -- Sent from: http://apache-http-server.18135.x6.nabble.com/Apache-HTTP-Server-Dev-f4771363.html
mod_session_cookie and duplicate headers
Hi everybody, I noticed that several bugs have been reporting duplicate Set-Cookie headers in responses when using mod_session_cookie: https://bz.apache.org/bugzilla/show_bug.cgi?id=56098 https://bz.apache.org/bugzilla/show_bug.cgi?id=55278 https://bz.apache.org/bugzilla/show_bug.cgi?id=60910 And possibly others.. The last one contains a simple patch that avoids mod-session_cookie to set the header in both r->headers_out and r->err_headers_out, that IIUC from their semantics should not be used together for the same header. I tried the patch and it seems working, but I am not sure if there are drawbacks in committing it. From what I can see leaving only the header in err_headers_out should not break any existing use case and fix the duplication. Thoughts? Thanks in advance, Luca
