In apache 1.3.23, the new mod_proxy removes cookies headers: some sites, as hotmail, return more than one Set-cookie headers. After ap_overlap_tables in proxy_http.c # 530, there is only one remaining! This is blocking since access to hotmail, yahoo ... is no longer possible.
Created attachment 1364 [details] proposal of correction for proxy_http.c
Created attachment 1365 [details] proposal of correction for proxy_util.c
Created attachment 1366 [details] proposal of correction for mod_proxy.h
I believe this has been fixed in HEAD of Apache 1.3. Please try the latest CVS version. This should be included in the forthcoming 1.3.24 release (possibly this week).
*** Bug 7362 has been marked as a duplicate of this bug. ***
This bug still seems to exist in 1.3.24. I upgraded our 1.3.20 to 1.3.24 and pages using mulitple cookies were broken, due to only the LAST "Set-Cookie:" being passed thru the mod_proxy server.
There was another fix for this issue committed just after 1.3.24 was released. You can grab a snapshot of the current code at: http://cvs.apache.org/snapshots/apache-1.3/ or you can find a patch at http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/proxy/proxy_http.c.diff?r1=1.89&r2=1.90 Please reopen this report again if the problem is not fixed.
The current snaphsot and the version 1.3.24 do not contain the fixes made in the snapshot /proxy_http.c/1.87/Wed Mar 13 23:12:04 2002// The problem is not fixed currently!
Your message is unclear. As I said, the additional fix was committed after 1.3.24 was released: http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/proxy/proxy_http.c.diff?r1=1.89&r2=1.90 Are you saying that this additional fix does not fix the problem?
*** Bug 7748 has been marked as a duplicate of this bug. ***
A fix for this bug was committed to 1.3.24-dev, but this fix didn't work properly due to the existence of commas in cookies. A new fix was committed and released in v1.3.24, but this fix was broken. The fix to the fix to the fix was committed to v1.3.25-dev, and with some luck the bug is at last, dead.
*** Bug 7874 has been marked as a duplicate of this bug. ***
*** Bug 8382 has been marked as a duplicate of this bug. ***
I patched 1.3.24 with http://cvs.apache.org/viewcvs.cgi/apache- 1.3/src/modules/proxy/proxy_http.c.diff?r1=1.89&r2=1.90 and installed it. The Set-cookie bug is fixed. However I am seeing weird characters added to html pages that are proxied by mod_proxy. After viewing the source, this is what I see. " 4d <BODY> normal html </BODY> 0 " The additional characters are '4d'(before the <BODY>) and '0'(after </BODY>). I have captured an image of another page and you can see it here. http://www.singaporeinvestor.com/sembcorp.jpg The additional characters are "8c8" and "0" I have reverted back to 1.3.22 and the problem is gone.
What you're seeing is the proxy dechunk bug, which is different than the issue in this PR. It is also fixed in CVS.
*** Bug 9212 has been marked as a duplicate of this bug. ***
The bug does not seem do be fixed for me. I work with the 1.3.26 version of apache, I also tried to download the current version of proxy_http.c from the CVS, and both give the same result : The result of a query, by direct access : HTTP/1.1 200 OK Server: Zope/(Zope 2.5.1 (source release, python 2.1, linux2), python 2.1.3, linux2) ZServer/1.1b1 Date: Sun, 23 Jun 2002 20:56:39 GMT Content-Type: text/html Etag: Content-Length: 3897 Set-Cookie: __ac_plebia="FLP2aWVyOmRk%0A"; Expires=31 Dec 2020 00:00:00 GMT; Path=/ Set-Cookie: __ac_name="Xavier"; Expires=Mon, 23 Jun 2003 20:56:39 GMT; Path=/ The result of the same query, through apache and mod_proxy : HTTP/1.1 200 OK Date: Sun, 23 Jun 2002 20:51:38 GMT Server: Zope/(Zope 2.5.1 (source release, python 2.1, linux2), python 2.1.3, linux2) ZServer/1.1b1 Content-Length: 3882 Content-Type: text/html Etag: Set-Cookie: __ac_name="Xavier"; Expires=Mon, 23 Jun 2003 20:51:39 GMT; Path=/ X-Cache: MISS from www.plebia.org Keep-Alive: timeout=15, max=95 Connection: Keep-Alive As you can see, the __ac_plebia cookie seems to be dropped.
Just to confirm, this bug is still present. With the advent of the chunked-encoding issue, users experiencing this bug can't afford *not* to upgrade. Sorry, I'm not a C hacker so I can't help fix it...
I too see this problem using 1.3.26 proxying for an application server. An older proxy (1.3.14) handles the multiple cookies OK. I hope this helps.
Created attachment 2562 [details] Successful fix on 2.24 with this series of changes
Created attachment 2563 [details] Successful fix on 2.24 with this series of changes
Created attachment 2564 [details] Successful fix on 2.24 with this series of changes
Created attachment 2565 [details] Successful fix on 2.24 with this series of changes
Created attachment 2566 [details] Successful fix on 2.24 with this series of changes
Created attachment 2567 [details] Successful fix on 2.24 with this series of changes
Created attachment 2568 [details] Successful fix on 2.24 with this series of changes
Created attachment 2569 [details] mod_proxy_cookie_fix.tgz - Tar/zipped file of successful fix on 2.24 (Sorry for previous posts)
I was successful in modifying/compiling mod_proxy and have had no multiple cookie errors since. I'm not sure if I modified any other files, please tell me if you get a compile error and I'll look up any other file.
Unresolved for 1.3.x - still requires a fix
Is it possible for you to use the diff tool to create a patch for us? In the files you uploaded, it is difficult to figure out what you changed.
Looking at this patch further, it seems to try and fix this bug in v1.3.24. This bug has already been fixed in v1.3.26 - please confirm that the problem is fixed there. (Please don't confuse this bug with a separate problem where cookies set within the proxy itself, ie cookies that do not originate from the backend server, are added to the response twice, this causing cookie duplication).
Same problem exist in Apache 2.0 for windows. Anyone has a solution?
Then why did you reopen an apache 1.3 bug? Please submit a new bug AFTER you search for a corresponding 2.0 bug, and make sure to note this original 1.3 bug. And be sure you FIRST confirm it still exists in the 2.0.43 release.
Please disregard my previous comment about the bug in Apache 2.0 for windows. The cause of the Set-cookie bug was due to my particular implementation to translate the domain value in the Set-cookie field. I have corrected this problem. Sorry for any trouble caused.