Bug 30399 - mod_cache caching Set-Cookie headers
Summary: mod_cache caching Set-Cookie headers
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_cache (show other bugs)
Version: 2.0.50
Hardware: All All
: P1 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on: 23687
  Show dependency tree
Reported: 2004-07-29 23:12 UTC by Rüdiger Plüm
Modified: 2005-03-08 13:00 UTC (History)
0 users

CacheStoreCookies Patch (5.78 KB, patch)
2004-08-01 10:38 UTC, Rüdiger Plüm
Details | Diff
Patch against 2.0.51 (6.60 KB, patch)
2004-09-28 12:24 UTC, Rüdiger Plüm
Details | Diff
More general approach patch against 2.0.52. (10.31 KB, patch)
2004-10-15 08:55 UTC, Rüdiger Plüm
Details | Diff
Patch against 2.0.53 (10.76 KB, patch)
2005-03-08 22:00 UTC, Rüdiger Plüm
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Rüdiger Plüm 2004-07-29 23:12:07 UTC

I have a question regarding mod_cache's behaviour about caching response headers.
I noticed that mod_cache also stores cookies (or better the Set-Cookie header)
with all the other End-to-end headers (see 13.5.1 RFC 2616). As I can see
from the RFC this is required to be RFC 2616 compliant.

In my special case this is a problem because I try to use mod_cache to cache
Tomcat generated jsps for performance reasons.

Currently I help myself by adding

apr_table_unset(headers_out, "Set-Cookie");

to ap_cache_cacheable_hdrs_out. As this approach breaks RFC 2616 compliance I
am sure that this approach will never be part of the official Apache code.

To prevent patching of future Apache versions I would like ask to if
there is any chance that an additional configuration directive will be added
to mod_cache that allows to define headers that should not be cached.
Of course setting this directive in your configuration would break RFC 2616
compliance of mod_cache, so the default value for this directive should be
empty or none.


Rüdiger Plüm
Comment 1 Rüdiger Plüm 2004-08-01 10:37:39 UTC

meanwhile I wrote a patch to mod_cache / mod_disk_cache / mod_mem_cache that
introduces the new server config directive CacheStoreCookies. By default this
directive is set to "On" thus leaving everything as it currently behaves
in 2.0.50. Setting CacheStoreCookies to "Off" prevents the Set-Cookie headers
from being stored by the cache. This way I can configure the behaviour that
I need in my special case.


Rüdiger Plüm
Comment 2 Rüdiger Plüm 2004-08-01 10:38:51 UTC
Created attachment 12295 [details]
CacheStoreCookies Patch
Comment 3 Rüdiger Plüm 2004-08-18 11:28:47 UTC
My patch has a little different implementation approach compared to the patch of
23687. Also the patch for the documentation is currently missing. I will add
this when I find time or someone gets interested in my version of the patch.
Comment 4 Rüdiger Plüm 2004-09-28 12:24:24 UTC
Created attachment 12877 [details]
Patch against 2.0.51
Comment 5 Rüdiger Plüm 2004-10-15 08:55:25 UTC
Created attachment 13097 [details]
More general approach patch against 2.0.52.
Comment 6 Rüdiger Plüm 2004-10-15 08:58:42 UTC
After a discussion on the developer list the new patch has a more general
approach and replaces the previous CacheStoreCookies directive with the more
general CacheIgnoreHeaders directive which allows to prevent arbitrary headers
from being stored, not just cookies.
Comment 7 Justin Erenkrantz 2004-11-15 01:10:18 UTC
CacheIgnoreHeaders is now in 2.1 and will be incorporated in a future release.

Comment 8 Rüdiger Plüm 2005-03-08 22:00:48 UTC
Created attachment 14434 [details]
Patch against 2.0.53