Received: (qmail 22525 invoked by uid 501); 30 Jan 2002 22:48:30 -0000 Message-Id: <20020130224830.22524.qmail@apache.org> Date: 30 Jan 2002 22:48:30 -0000 From: Steve Ford Reply-To: sford@geeky-boy.com To: submit@bugz.apache.org Subject: apache_1.3.23 proxy bug with multiple cookies X-Send-Pr-Version: 3.110 >Number: 9655 >Category: mod_proxy >Synopsis: apache_1.3.23 proxy bug with multiple cookies >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jan 30 14:50:00 PST 2002 >Closed-Date: Tue Feb 12 09:26:04 PST 2002 >Last-Modified: Tue Feb 12 09:26:04 PST 2002 >Originator: sford@geeky-boy.com >Release: apache_1.3.23 >Organization: >Environment: Sun Ultra 5 uname -a: SunOS prometheus 5.7 Generic_106541-06 sun4u sparc SUNW,Ultra-5_10 gcc -v: Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/2.95.2/specs gcc version 2.95.2 19991024 (release) >Description: When running apache 1.3.23 as a proxy, it does not properly pass multiple "Set-Cookie:" headers to the client. I tried to log into mail.yahoo.com and it responded with three cookies. Apache discarded the first two and only passed the third "Set-Cookie:" header line to the client. (This was verified by packet snooping.) As a check, I built and configured apache_1.3.22 exactly the same way. It appears to work properly. I built apache with: ./configure --prefix=/home/sford/apache --enable-module=rewrite --enable-module=proxy --disable-rule=SHARED_CORE I configured the proxy with: ProxyRequests On Order deny,allow Deny from all Allow from 10.10.10.104 ProxyVia On CacheRoot "/home/sford/apache/proxy" CacheSize 1 CacheGcInterval 4 CacheMaxExpire 24 CacheLastModifiedFactor 0.1 CacheDefaultExpire 1 >How-To-Repeat: Build 1.3.23 as above and configure a client to proxy through it. Then try to log into mail.yahoo.com. (Make sure the client doesn't already have cookies set.) It helps to do a packet dump of both sides of apache. >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: slive State-Changed-When: Tue Feb 12 09:26:04 PST 2002 State-Changed-Why: The patch at http://www.apache.org/~slive/proxy-patch.txt has been applied to fix this problem. Please try it out and report back if it does not fix your problem. It will be included in the next release. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]