Bug 30399

Summary: mod_cache caching Set-Cookie headers
Product: Apache httpd-2 Reporter: Rüdiger Plüm <ruediger.pluem>
Component: mod_cacheAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: CLOSED FIXED    
Severity: enhancement Keywords: PatchAvailable
Priority: P1    
Version: 2.0.50   
Target Milestone: ---   
Hardware: All   
OS: All   
Bug Depends on: 23687    
Bug Blocks:    
Attachments: CacheStoreCookies Patch
Patch against 2.0.51
More general approach patch against 2.0.52.
Patch against 2.0.53

Description Rüdiger Plüm 2004-07-29 23:12:07 UTC 
Hi,

I have a question regarding mod_cache's behaviour about caching response headers.
I noticed that mod_cache also stores cookies (or better the Set-Cookie header)
with all the other End-to-end headers (see 13.5.1 RFC 2616). As I can see
from the RFC this is required to be RFC 2616 compliant.

In my special case this is a problem because I try to use mod_cache to cache
Tomcat generated jsps for performance reasons.

Currently I help myself by adding

apr_table_unset(headers_out, "Set-Cookie");

to ap_cache_cacheable_hdrs_out. As this approach breaks RFC 2616 compliance I
am sure that this approach will never be part of the official Apache code.

To prevent patching of future Apache versions I would like ask to if
there is any chance that an additional configuration directive will be added
to mod_cache that allows to define headers that should not be cached.
Of course setting this directive in your configuration would break RFC 2616
compliance of mod_cache, so the default value for this directive should be
empty or none.


Regards

Rüdiger Plüm
Comment 1 Rüdiger Plüm 2004-08-01 10:37:39 UTC 
Hi,

meanwhile I wrote a patch to mod_cache / mod_disk_cache / mod_mem_cache that
introduces the new server config directive CacheStoreCookies. By default this
directive is set to "On" thus leaving everything as it currently behaves
in 2.0.50. Setting CacheStoreCookies to "Off" prevents the Set-Cookie headers
from being stored by the cache. This way I can configure the behaviour that
I need in my special case.

Regards

Rüdiger Plüm
Comment 2 Rüdiger Plüm 2004-08-01 10:38:51 UTC 
Created attachment 12295 [details]
CacheStoreCookies Patch
Comment 3 Rüdiger Plüm 2004-08-18 11:28:47 UTC 
My patch has a little different implementation approach compared to the patch of
23687. Also the patch for the documentation is currently missing. I will add
this when I find time or someone gets interested in my version of the patch.
Comment 4 Rüdiger Plüm 2004-09-28 12:24:24 UTC 
Created attachment 12877 [details]
Patch against 2.0.51
Comment 5 Rüdiger Plüm 2004-10-15 08:55:25 UTC 
Created attachment 13097 [details]
More general approach patch against 2.0.52.
Comment 6 Rüdiger Plüm 2004-10-15 08:58:42 UTC 
After a discussion on the developer list the new patch has a more general
approach and replaces the previous CacheStoreCookies directive with the more
general CacheIgnoreHeaders directive which allows to prevent arbitrary headers
from being stored, not just cookies.
Comment 7 Justin Erenkrantz 2004-11-15 01:10:18 UTC 
CacheIgnoreHeaders is now in 2.1 and will be incorporated in a future release.

Thanks!
Comment 8 Rüdiger Plüm 2005-03-08 22:00:48 UTC 
Created attachment 14434 [details]
Patch against 2.0.53