(This bug report supersedes bug 27823.) %{cookname}C will log the value of the first cookie whose name includes "cookname" as any substring. To reproduce, configure httpd with a LogFormat such as
(This bug report supersedes bug 27823.) %{cookname}C will log the value of the first cookie whose name includes "cookname" as any substring. To reproduce, configure httpd with a LogFormat such as LogFormat ${cook}C %t \"%r\" %>s %b" commontest CustomLog logs/access_log commontest Now test it with a cookie header that starts with a cookie named "logcookie": GET -d -H 'Cookie: logcookie=wrong_value; cook=right_value' http://127.0.0.1/ Examine access_log and see that the wrong_value has been captured: 127.0.0.1 e=wrong_value - [29/Mar/2004:22:59:08 -0500] "GET / HTTP/1.1" 200 1456 The attached patch fixes this bug, and also brings %{...}C into compliance with RFC 2109, which says that cookie names are case-independent and white space is permitted around the '=' separating the name and value.
Created attachment 11040 [details] Patch to fix bugs in log_cookie function in mod_log_config.c
*** Bug 27823 has been marked as a duplicate of this bug. ***
as of 2.0.59 this bug still exists. ALSO, the description is incorrect. the returned cookie's value will be whatever value starts at 1 position after the end of the match of the cookie's name to *ANY* part of the Cookie header string to the next ';' or end of string. thus, if i want cookie "b" and have HTTP_COOKIE of "auth=FNsijUa5mbFSzPZRqxP5aQ; userId=536; b=95b803f5ed27fe13b84b186559553aaf835082952f54a0b7c7ea" the value returned will be "SzPZRqxP5aQ". the patch looks like it'll solve this problem.
patch confirmed to work in 2.0.59 (In reply to comment #4) > the value returned will be "SzPZRqxP5aQ". the patch looks like it'll solve > this problem.
fixed in trunk in r833738
*** Bug 49166 has been marked as a duplicate of this bug. ***
proposed for backport to 2.2.x in r942891 > Stefan: how would I go about agitating for a backport? Gervase: Posting to the bug report ist the correct first step. If nobody reacts in a few weeks, mailing to the httpd-dev mailing list is a good idea.
Backported to 2.2.x as r988403.