Bug 43661 - Cookie Latency in CGI applications
Summary: Cookie Latency in CGI applications
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: All (show other bugs)
Version: 2.0-HEAD
Hardware: PC FreeBSD
: P5 minor (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL: http://ggbts.org
Keywords: APIBug
Depends on:
Reported: 2007-10-19 12:00 UTC by Herb Drake
Modified: 2008-02-11 05:17 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Herb Drake 2007-10-19 12:00:24 UTC
It seems that Apache loads a CGI application, launches it, and then loads 
HTTP_COOKIE into the environment in that order. If the cookie is read 
immediately, it will often be wrong -- it will be inherited from the previous 
user of the application.

The workaround is to write the application so that it runs as much unrelated 
code as possible before it reads the cookie.

(Using gnu c++ compiler on ViaVerio VPS3 2000 virtual server product.)

To test: Write simple application that reads a cookie and returns a simple HTML 
page that displays the cookie value. Access the application from two separate 
browser instances that pass different values for the same cookie on the same or 
different machines. Run the app. from one browser. Then run the app. on the 
second browser. Note that the cookie value from the first machine shows up on 
the second machine, rather than the value actually passed.
Comment 1 Joe Orton 2008-02-11 05:17:03 UTC
HTTP_COOKIE is just an environment variable containing the contents of the
Cookie request header.  How and what cookies are returned to the browsers is
entirely up to the application.