[drupal-devel] [bug] drupal_http_request improper handles set-cookie headers

Dries drupal-devel at drupal.org
Thu Aug 11 07:28:09 UTC 2005


Issue status update for 
http://drupal.org/node/28629
Post a follow up: 
http://drupal.org/project/comments/add/28629

 Project:      Drupal
 Version:      cvs
 Component:    base system
 Category:     bug reports
 Priority:     critical
 Assigned to:  chx
 Reported by:  chx
 Updated by:   Dries
-Status:       patch (ready to be committed)
+Status:       patch (code needs work)

Please add a code comment quoting the relevant bits of the RFC.  Like
that, we'll be able to understand what is going on.




Dries



Previous comments:
------------------------------------------------------------------------

Wed, 10 Aug 2005 17:42:33 +0000 : chx

Attachment: http://drupal.org/files/issues/resp.patch (775 bytes)

This is an issue with cookies: when you get multiple response headers
with the same name, they are overridden. This is probably what we want
for location but for set-cookie this is bad. So says RFC 2109:
"
   Informally, the Set-Cookie response header comprises the token Set-
   Cookie:, followed by a comma-separated list of one or more cookies.

"


------------------------------------------------------------------------

Wed, 10 Aug 2005 18:05:04 +0000 : killes at www.drop.org

according to the cited RFC I believe this to be correct. The patch does
apply and does not cause parse errors. ;)







More information about the drupal-devel mailing list