43661 – Cookie Latency in CGI applications

Bug 43661 - Cookie Latency in CGI applications

Summary: Cookie Latency in CGI applications

Status:	RESOLVED INVALID

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	All (show other bugs)
Version:	2.0-HEAD
Hardware:	PC FreeBSD

Importance:	P5 minor (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:	http://ggbts.org
Keywords:	APIBug

Depends on:
Blocks:

Reported:	2007-10-19 12:00 UTC by Herb Drake
Modified:	2008-02-11 05:17 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Herb Drake 2007-10-19 12:00:24 UTC

It seems that Apache loads a CGI application, launches it, and then loads 
HTTP_COOKIE into the environment in that order. If the cookie is read 
immediately, it will often be wrong -- it will be inherited from the previous 
user of the application.

The workaround is to write the application so that it runs as much unrelated 
code as possible before it reads the cookie.

(Using gnu c++ compiler on ViaVerio VPS3 2000 virtual server product.)

To test: Write simple application that reads a cookie and returns a simple HTML 
page that displays the cookie value. Access the application from two separate 
browser instances that pass different values for the same cookie on the same or 
different machines. Run the app. from one browser. Then run the app. on the 
second browser. Note that the cookie value from the first machine shows up on 
the second machine, rather than the value actually passed.

Comment 1 Joe Orton 2008-02-11 05:17:03 UTC

HTTP_COOKIE is just an environment variable containing the contents of the
Cookie request header.  How and what cookies are returned to the browsers is
entirely up to the application.