Received: (qmail 21837 invoked by uid 2012); 7 Jun 1998 03:47:12 -0000 Message-Id: <19980607034712.21836.qmail@hyperreal.org> Date: 7 Jun 1998 03:47:12 -0000 From: Glenn Fleishman Reply-To: glenn@glenns.org To: apbugs@hyperreal.org Subject: Duplicate cookies with same name, different domain X-Send-Pr-Version: 3.2 >Number: 2370 >Category: mod_usertrack >Synopsis: Duplicate cookies with same name, different domain >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat Jun 6 20:50:01 PDT 1998 >Last-Modified: Fri Jan 29 11:59:11 PST 1999 >Originator: glenn@glenns.org >Organization: >Release: 1.3.0 >Environment: gcc 2.8.1, SunOS 4.1.3_U1 >Description: I changed mod_cookie in 1.2.x to write "visit=" instead of "Apache=" to conform with other visit cookies being written by other servers and provide improved log analysis across platforms. So before compiling 1.3.0, I made the same change: #define COOKIE_NAME "visit=" However, it appears that mod_usertrack doesn't provide a domain= value in the Set-Cookie header where 1.2.x did (this is by inference) as after testing 1.3.0, I find I have two visit= cookies. One is set to domain=glenns.org and another to domain=www.glenns.org. However, the code at spot_cookie should get a Cookie header from my browser for glenns.org *and* for www.glenns.org. That is, the previously set "visit=" cookie should have been sent by the browser, and Apache should have recoginzed it and not written a new one. Am I encountering a browser bug about when the Cookie header is sent? This is a funny one to test as I'd have to keep stopping and starting servers and I'm in enough of a production environment to not be able to do that. Or has behavior changed between 1.2 and 1.3 and it's a problem? >How-To-Repeat: Currently, http://www.glenns.org uses Apache 1.2.x to set cookies for www.glenns.org. >Fix: If spot_cookie is broken (which it doesn look like it is), that should be debugged. If it's browser behavior, it should be documented. Also, it would be great if you could specify domain= value via a configuration directive or at least via a variable in mod_usertrack. >Audit-Trail: State-Changed-From-To: open-feedback State-Changed-By: mjc State-Changed-When: Sun Jun 7 03:23:15 PDT 1998 State-Changed-Why: There haven't been any functionality changes to mod_usertrack between Apache 1.2 and 1.3. Specifically, mod_usertrack in 1.2.6 and 1.3.0 does not set a Domain= value. Can you check to make sure that you are receiving two cookies? The easiest way to do this is to write a simple script on your 1.3.0 server that dumps it's environment and look at the HTTP_COOKIE variable. Comment-Added-By: lars Comment-Added-When: Sat Nov 14 08:49:20 PST 1998 Comment-Added: [This is a standard response.] This Apache problem report has not been updated recently. Please reply to this message if you have any additional information about this issue, or if you have answers to any questions that have been posed to you. If there are no outstanding questions, please consider this a request to try to reproduce the problem with the latest software release, if one has been made since last contact. If we don't hear from you, this report will be closed. If you have information to add, BE SURE to reply to this message and include the apbugs@Apache.Org address so it will be attached to the problem report! State-Changed-From-To: feedback-closed State-Changed-By: coar State-Changed-When: Fri Jan 29 11:59:11 PST 1999 State-Changed-Why: [This is a standard response.] No response from submitter, assuming issue has been resolved. >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]