[drupal-devel] [bug] drupal_http_request improper handles
set-cookie headers
Dries
drupal-devel at drupal.org
Thu Aug 18 21:43:57 UTC 2005
Issue status update for
http://drupal.org/node/28629
Post a follow up:
http://drupal.org/project/comments/add/28629
Project: Drupal
Version: cvs
Component: base system
Category: bug reports
Priority: critical
Assigned to: chx
Reported by: chx
Updated by: Dries
Status: patch (ready to be committed)
Where did this bug trigger? One could argue that the $header-array
(input parameter) is malformed and that it is the caller's problem.
Dries
Previous comments:
------------------------------------------------------------------------
Wed, 10 Aug 2005 17:42:33 +0000 : chx
Attachment: http://drupal.org/files/issues/resp.patch (775 bytes)
This is an issue with cookies: when you get multiple response headers
with the same name, they are overridden. This is probably what we want
for location but for set-cookie this is bad. So says RFC 2109:
"
Informally, the Set-Cookie response header comprises the token Set-
Cookie:, followed by a comma-separated list of one or more cookies.
"
------------------------------------------------------------------------
Wed, 10 Aug 2005 18:05:04 +0000 : killes at www.drop.org
according to the cited RFC I believe this to be correct. The patch does
apply and does not cause parse errors. ;)
------------------------------------------------------------------------
Thu, 11 Aug 2005 07:28:06 +0000 : Dries
Please add a code comment quoting the relevant bits of the RFC. Like
that, we'll be able to understand what is going on.
------------------------------------------------------------------------
Thu, 18 Aug 2005 05:13:14 +0000 : chx
Attachment: http://drupal.org/files/issues/set_cookie.patch (883 bytes)
Well, now I feel this is ready to be commited. I even put a conditional
in it, so only Set-Cookie header gets different treatment.
More information about the drupal-devel
mailing list