Disallow setting cache context in .htaccess, lest it be abused for cross-site

or cross-application authn attacks.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@957918 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c
index ef15ef30da7aef667ce8f3a7ed54aca7ab96b00a..baf49f3bbddb6e0919572a7ee081ff47929896a8 100644 (file)
--- a/modules/aaa/mod_authn_socache.c
+++ b/modules/aaa/mod_authn_socache.c
@@ -194,7 +194,7 @@ static const command_rec authn_cache_cmds[] =
                   OR_AUTHCFG, "Timeout (secs) for cached credentials"),
     AP_INIT_TAKE1("AuthnCacheContext", ap_set_string_slot,
                   (void*)APR_OFFSETOF(authn_cache_dircfg, context),
-                  OR_AUTHCFG, "Context for authn cache"),
+                  ACCESS_CONF, "Context for authn cache"),
     {NULL}
 };