https://bz.apache.org/bugzilla/show_bug.cgi?id=68473
Bug ID: 68473
Summary: mod_session_dbd causes duplicate set-cookie headers to
be sent
Product: Apache httpd-2
Version: 2.4.57
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_session_dbd
Assignee: bugs@httpd.apache.org
Reporter: 99kimboslice@gmail.com
Target Milestone: ---
It would seem mod_session_dbd causes duplicate set-cookie headers, this has
been an issue for many years (10+) with reports going unresolved
I am re-reporting this issue in hopes it gains some traction
Here is a complete, basic configuration to reproduce the issue
ServerRoot "C:/Apache24"
Listen 80
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule session_module modules/mod_session.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule dir_module modules/mod_dir.so
<Directory />
AllowOverride none
Require all denied
</Directory>
DBDriver odbc
DBDParams "odbc_connection_string"
DBDKeep 10
DBDMax 10
DBDMin 3
DBDPrepareSQL "select value from sessions where token = %s and (expiry = 0 or
expiry > %lld)" selectsession
DBDPrepareSQL "delete from sessions where token = %s" deletesession
DBDPrepareSQL "insert into sessions (value, expiry, token) values (%s, %lld,
%s)" insertsession
DBDPrepareSQL "update sessions set value = %s, expiry = %lld, token = %s where
token = %s" updatesession
DBDPrepareSQL "delete from sessions where expiry != 0 and expiry < %lld"
cleansession
DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
Require all granted
Session On
SessionDBDCookieName test path=/
SessionMaxAge 604800
SessionEnv on
SessionHeader X-Replace-Session
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Bug ID: 68473
Summary: mod_session_dbd causes duplicate set-cookie headers to
be sent
Product: Apache httpd-2
Version: 2.4.57
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_session_dbd
Assignee: bugs@httpd.apache.org
Reporter: 99kimboslice@gmail.com
Target Milestone: ---
It would seem mod_session_dbd causes duplicate set-cookie headers, this has
been an issue for many years (10+) with reports going unresolved
I am re-reporting this issue in hopes it gains some traction
Here is a complete, basic configuration to reproduce the issue
ServerRoot "C:/Apache24"
Listen 80
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule session_module modules/mod_session.so
LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule dir_module modules/mod_dir.so
<Directory />
AllowOverride none
Require all denied
</Directory>
DBDriver odbc
DBDParams "odbc_connection_string"
DBDKeep 10
DBDMax 10
DBDMin 3
DBDPrepareSQL "select value from sessions where token = %s and (expiry = 0 or
expiry > %lld)" selectsession
DBDPrepareSQL "delete from sessions where token = %s" deletesession
DBDPrepareSQL "insert into sessions (value, expiry, token) values (%s, %lld,
%s)" insertsession
DBDPrepareSQL "update sessions set value = %s, expiry = %lld, token = %s where
token = %s" updatesession
DBDPrepareSQL "delete from sessions where expiry != 0 and expiry < %lld"
cleansession
DocumentRoot "C:/Apache24/htdocs"
<Directory "C:/Apache24/htdocs">
Require all granted
Session On
SessionDBDCookieName test path=/
SessionMaxAge 604800
SessionEnv on
SessionHeader X-Replace-Session
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org