Bug 48295 - ProxyPassReverseCookiePath: Not changing path correctly.
Summary: ProxyPassReverseCookiePath: Not changing path correctly.
Status: REOPENED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy (show other bugs)
Version: 2.2.14
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
: 48312 51127 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-11-27 22:26 UTC by Jie Gao
Modified: 2018-05-28 18:21 UTC (History)
1 user (show)


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jie Gao 2009-11-27 22:26:38 UTC 
From Apache documentation:

"Usage is basically similar to ProxyPassReverse, but instead of rewriting headers that are a URL, this rewrites the path string in Set-Cookie headers."

It does not seem to be the case.

Example:

<Location /sss/>
ProxyHTMLEnable On
ProxyPass http://backend.server/
ProxyPassReverse /
ProxyHTMLURLMap / /sss/
ProxyPassReverseCookiePath / /sss/
</Location>

This will rewrite cookie path from backend server's /cgi-bin to /sss/ for the frontend server.

Is this intended behaviour?



Jie
Comment 1 Eric Covener 2009-11-28 03:59:59 UTC 
Post verbatim headers of the bug you're describing.
Comment 2 Jie Gao 2009-11-28 17:47:34 UTC 
Script setting the cookie:

#!/usr/bin/perl -w

use strict;
use CGI;

my $q = new CGI;

my $cookie_1 = $q->cookie(-name=>'jie_COOKIE_1',
    -value=>'BEST_COOKIE=chocolatechip',
    -domain=>'www-dev.xxxxxx.xxx.xx',
    -path=>'/cgi-bin');

print $q->header(-cookie=>$cookie_1);


print $q->start_html('My cookie-set.cgi program');
print $q->h3('The cookie has been set');

print $q->end_html;
-----------------------------------------------------

Running it directly to the backend server


HTTP/1.0 200 OK
Date: Sun, 29 Nov 2009 01:42:56 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: jie_COOKIE_1=BEST_COOKIE%3Dchocolatechip; domain=xxx.xxx.xxx; path=/cgi-bin
Content-Type: text/html; charset=ISO-8859-1
X-Cache: MISS from www-cacheE.xxx.xxx.xx
X-Cache-Lookup: MISS from www-cacheE.xxx.xxx.xx:8080
Via: 1.0 www-cacheE.xxx.xxx.xx:8080 (squid/2.6.STABLE5)
Proxy-Connection: close

Running it on the rp server:

HTTP/1.0 200 OK
Date: Sun, 29 Nov 2009 01:46:24 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/html; charset=utf-8
Set-Cookie: jie_COOKIE_1=BEST_COOKIE%3Dchocolatechip; domain=www-dev.xxx.xxx.xx; path=/sss/
X-Cache: MISS from www-cacheE.xxxx.xxx.xx
X-Cache-Lookup: MISS from www-cacheE.xxx.xxx.xx:8080
Via: 1.0 www-cacheE.xxx.xx.xx:8080 (squid/2.6.STABLE5)
Proxy-Connection: close
Comment 3 Nick Kew 2009-11-28 18:33:58 UTC 
Path is defined as the component of the URL up to and including the rightmost slash.  So the path of "/cgi-bin" is "/".
Comment 4 Jie Gao 2009-11-28 19:17:34 UTC 
I changed the script to set the cookie path to "/cgi-bin/', but I got the same
result from the RP as before.
Comment 5 Jie Gao 2009-11-28 19:19:54 UTC 
I changed the script to set the cookie path to "/cgi-bin/', but I got the same
result from the RP as before.
Comment 6 Jie Gao 2009-11-29 18:34:50 UTC 
From rfc 2965:

Path    Defaults to the path of the request URL that generated the
           Set-Cookie2 response, up to and including the right-most /.
Comment 7 Jie Gao 2009-11-30 16:02:01 UTC 
*** Bug 48312 has been marked as a duplicate of this bug. ***
Comment 8 Mark Thomas 2009-11-30 16:46:36 UTC 
Note that due to a data loss on 26/27 Nov 2009 the issue that was originally created as bug 48295 was lost. It has been re-created as bug 48306.
Comment 9 Christophe JAILLET 2018-05-28 18:15:53 UTC 
*** Bug 48312 has been marked as a duplicate of this bug. ***
Comment 10 Christophe JAILLET 2018-05-28 18:17:16 UTC 
*** Bug 51127 has been marked as a duplicate of this bug. ***
Comment 11 Christophe JAILLET 2018-05-28 18:21:46 UTC 
See also bug 54306 which could be a solution for such cases