Hi
We have been bitten by this bug and there is no reason anyone else
should be bitten as well. To be affected by this you need to run all of
the following:
- Apache 2.0 or 1.x (fixed in Apache 2.2) with mod_proxy or mod_jk
- magnolia-module-cache
- sessions (or cookies with session lifetime) on cached pages
The behavior is like this:
A user GETs a cached website and the response includes some cookie with
a session lifetime, could be session id or anything else. Magnolia
returns HTTP code 200. The user agent receives the cookies in a
Set-Cookie header. Everything goes normal.
The user leaves the website, the browser discards the cookie. That's
true for the session id cookie (JSESSIONID) and possibly others.
The user comes again. The website is still in the cache so the browser
validates it with a conditional get (If-Modified-Since). Magnolia
returns HTTP code 304 and a Set-Cookie header. Apache removes the
Set-Cookie header! The user agent will not get cookie, eg not get a session.
The related Apache Bug:
https://issues.apache.org/bugzilla/show_bug.cgi?id=18388
Cheers
Philippe
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
