Bug 56105 - mod_lua uses apr_table_set() for Set-Cookie - bug?
Summary: mod_lua uses apr_table_set() for Set-Cookie - bug?
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_lua (show other bugs)
Version: 2.4.7
Hardware: All All
: P2 minor (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Reported: 2014-02-04 12:41 UTC by Kevin J Walters
Modified: 2014-02-11 19:38 UTC (History)
1 user (show)

Patch for the issue, against trunk (479 bytes, patch)
2014-02-11 13:36 UTC, Edward Lu
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kevin J Walters 2014-02-04 12:41:48 UTC
I was browsing apache httpd source code, as you do, and noted that mod_lua uses apr_table_set() to add Set-Cookie to http response headers.

This looks wrong as this response header is one where a header is added per cookie. As is, it would a) only allow this module to set a single cookie and b) over-write any values set by other modules. Other modules typically use apr_table_add for this particular response header.
Comment 1 Edward Lu 2014-02-11 13:36:30 UTC
Created attachment 31301 [details]
Patch for the issue, against trunk
Comment 2 Eric Covener 2014-02-11 17:10:35 UTC
thanks, fixed in http://svn.apache.org/r1567221
Comment 3 Eric Covener 2014-02-11 19:38:06 UTC
backported in r1567328.