(This bug report supersedes bug 27823.)

%{cookname}C will log the value of the first cookie whose name includes
"cookname" as any substring.  To reproduce, configure httpd with a LogFormat such as

LogFormat ${cook}C %t \"%r\" %>s %b" commontest
CustomLog logs/access_log commontest

Now test it with a cookie header that starts with a cookie named "logcookie":

GET -d -H 'Cookie: logcookie=wrong_value; cook=right_value' http://127.0.0.1/

Examine access_log and see that the wrong_value has been captured:

127.0.0.1 e=wrong_value - [29/Mar/2004:22:59:08 -0500] "GET / HTTP/1.1" 200 1456

The attached patch fixes this bug, and also brings %{...}C into compliance with
RFC 2109, which says that cookie names are case-independent and white space
is permitted around the '=' separating the name and value.

Created attachment 11040 [details]
Patch to fix bugs in log_cookie function in mod_log_config.c

*** Bug 27823 has been marked as a duplicate of this bug. ***

as of 2.0.59 this bug still exists.  ALSO, the description is incorrect.  the 
returned cookie's value will be whatever value starts at 1 position after the 
end of the match of the cookie's name to *ANY* part of the Cookie header 
string to the next ';' or end of string.  thus, if i want cookie "b" and have 
HTTP_COOKIE of

"auth=FNsijUa5mbFSzPZRqxP5aQ; userId=536; 
b=95b803f5ed27fe13b84b186559553aaf835082952f54a0b7c7ea"

the value returned will be "SzPZRqxP5aQ".  the patch looks like it'll solve 
this problem.

patch confirmed to work in 2.0.59

(In reply to comment #4)
> the value returned will be "SzPZRqxP5aQ".  the patch looks like it'll solve 
> this problem.

fixed in trunk in r833738

*** Bug 49166 has been marked as a duplicate of this bug. ***

proposed for backport to 2.2.x in r942891

> Stefan: how would I go about agitating for a backport?
Gervase: Posting to the bug report ist the correct first step. If nobody reacts in a few weeks, mailing to the httpd-dev mailing list is a good idea.

Backported to 2.2.x as r988403.